NordVPN

Huge Dropbox leak means change your password now!

Douglas Crawford

Douglas Crawford

October 14, 2014

The popular (if very insecure) online backup and file sharing service Dropbox has had almost 7 million (6,937,081) account credentials (logon names and passwords) compromised.

Initial reports suggested that Dropbox had been hacked, but it now seems they were stolen by a third party service. In a statement to The Next Web, Dropbox said,

‘Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

The leak came to light when four Pastebin files were posted on Reddit yesterday, which showed the details of hundreds of Dropbox users whose unernames’ started with the letter ‘b’. The poster promised to leak more account credentials in return for Bitcoin donations.

It is unclear how old these details are, and Dropbox says that it has reset the passwords of accounts where suspicious activity has been detected, but we strongly suggest that all Dropbox users change their passwords now, as a simple precaution.

Turning on two-step verification is also a very good idea, as is securely encrypting files stored on Dropbox using EncFS. Another very good option is to move away from Dropbox completely, and use a more secure alternative.

 

Update: 10/14/2014 12:30am PT (posted by Drobox):

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

Update 17 October 2014: It now seems likely that the account details did not even belong to Dropbox accounts, although because many users reuse account usernames/passwords it is still a good idea for users to change their  passwords.

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
SAVE 49% TODAY
WITH OUR
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for BestVPN.com Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
$3.25/mo