Dropbox is at the centre of a leak scandal, following the release of 400 usernames and passwords by an anonymous user on Pastebin.
The hacker says the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised on Tuesday. He then requested payment in Bitcoins before he would allow access to more accounts.
Dropbox claims these passwords come from a hack of another service and that the passwords are expired. “Recent news articles claiming that Dropbox was hacked aren’t true,” Dropbox said in a blog post on Monday evening. “Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox.”
Even if Dropbox wasn’t hacked, that doesn’t mean your account is safe. If you use the same username and password across all services and haven’t changed your password recently, your account could be at risk. Dropbox is encouraging, and almost requiring, users to set up two-factor authentication to stop user accounts from being compromised.
Dropbox also says that it has “measures in place to detect suspicious login activity and we automatically reset passwords when it happens.” If you still think your account is at risk, you can reset your password and set up two-factor authentication.
This raises the question of which service was hacked to yield these 7 million account usernames and passwords.