7 million Dropbox username/password pairs apparently leaked
Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin allegedly containing login credentials for hundreds of Dropbox accounts. The poster claims that 6,937,081 account credentials in total have been compromised.
reddit users who tested some of the leaked credentials have confirmed that at least some of them work. Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though thus far passwords for other accounts do not appear to have been reset.
The hackers claim that they will release more username/password pairs if they receive donations to their Bitcoin address.
We’ve asked Dropbox for comment. In the meantime, it’s probably wise to change your Dropbox password to a strong password, and, if practical, enable two-factor authentication. The service currently appears to be struggling to process password changes in a timely manner, however.
Update: Dropbox has sent us the following statement:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.