
Hackers claim they have stolen nearly 7 million Dropbox passwords (updated)

Updated 8:30pm Pacific with Dropbox’s response.

Hundreds of alleged usernames and passwords for Dropbox have been published on Pastebin, an anonymous information-sharing site.

Above: Sample of usernames and passwords allegedly stolen from Dropbox.

Image Credit: Screenshot

The apparent hackers claim to have nabbed 6,937,081 passwords and today published a “teaser” of 400 username-password pairs. They requested donations in Bitcoin and promised to release more passwords based on how much of the virtual currency they receive. The usernames appeared in alphabetical order starting with benitacran@btinternet.com and ending with bigjoetownsend@hotmail.com.

Dropbox, however, says the hack is bogus. The company offered VentureBeat this response to our inquiry:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

Subsequently, two more “teasers” appeared on Pastebin.

A Reddit thread first mentioned the apparent leak about three hours ago. The Reddit user who first submitted the link later said that usernames and passwords in the file actually did work.

Dropbox posted a warning against phishing scams on October 9.

While this hack may not be legitimate, and even though Dropbox says it expired most of these passwords long ago, the fact that someone on Reddit is claiming that the passwords do work is cause for concern.

It’s probably a good idea to change your password just to be safe — especially if you use the same password on multiple sites — and enable two-factor authentication, which Dropbox now supports. 

Via The Next Web
