
Hacker Claims to Have Access to 7 Million Dropbox Accounts


Update: Dropbox denies that it was hacked and posted the following on its blog.

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

In a recent Pastebin posting, an anonymous hacker is asking for BTC donations to post more account usernames and passwords. He or she has already posted hundreds of account credentials, which check out as authentic accounts when tested. The irony of this situation is that Dropbox had just recently posted a blog entry on its website about not getting baited by phishing or malware. Obviously, the 6,937,081 accounts that have supposedly been compromised are not all going to be the result of phishing or malware, but are very likely due to some vulnerability in Dropbox’s own systems.

Most of the passwords that people have tested are expired, and the accounts may be flagged by Dropbox’s own systems as vulnerable. As of the time of publication, Dropbox has not published any official statement on its website or Twitter account, but if you want to ensure that your Dropbox account is safe from account hacking, you should enable two-factor authentication (2FA). This means that even if someone has your username and password, they will still need to authenticate through your phone or an email account. This is a mandatory safeguard against such major password hacks, and you need to enable it if you are serious about your own security.

Dropbox has also recently come under scrutiny from people like Edward Snowden, who claim that people cannot use the service safely without being subject to government spying. Dropbox also has the former Secretary of State and National Security Advisor, Condoleezza Rice, on its board of directors, which is seen as a very anti-privacy move considering that she was involved, in one way or another, in many of the spying programs implemented today.