A stash of roughly 7 million usernames and passwords of Dropbox
accounts has been reportedly leaked. A batch has been posted on Pastebin, which is a website that can store text online for a period of time.
As a teaser, the anonymous user claiming to have hacked Dropbox has posted 420 usernames and passwords to prove the authenticity of the leak, along with a message that says, "Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts. To see plenty more, just search on for the term Dropbox hack. More to come, keep showing your support." The listing also notes, "More Bitcoin = More accounts published on Pastebin."
Dropbox however, was quick to respond to claims of the password hack and revealed that the leaked credentials were obtained from third-party services.
In a statement Dropbox told Reuters, "Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."
As a precautionary measure, Dropbox is already forcing users to change the password affected due to leaks. Dropbox added that "it performed password resets when it detected 'suspicious activity' on these accounts a few months ago."
As of now, it is unclear which third-party services were compromised.
Dropbox seems to be having a tough time as the company had to reach out to its consumers with an apology mail regarding Selective Sync issue that deleted some data from their cloud accounts. The company said that the problem affected users of the older versions of its Dropbox for desktop client when the app crashed or restarted while users were applying Selective Sync settings.