Were Dropbox Passwords Hacked?

Hackers' Claims Debunked by Company
Were Dropbox Passwords Hacked?

Hackers are claiming to have obtained usernames and passwords for 7 million Dropbox accounts. But the cloud storage company says it wasn't breached and that the credentials do not appear to be associated with Dropbox accounts. It says the credentials likely came from "unrelated services."

See Also: Suddenly, AI-Powered Threats Don’t Seem So Intelligent

"Attackers ... used these stolen credentials to try to log in to sites across the Internet, including Dropbox," the company says in an Oct. 13 blog post. "We have measures in place to detect suspicious log-in activity and we automatically reset passwords when it happens."

The self-proclaimed hackers have been teasing the stolen credentials on Pastebin, releasing small "sample" amounts of accounts.

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services," Dropbox says.

Two-Factor Authentication

The credential leak highlights the need to enable two-factor authentication for online services such as Dropbox, which is recommending its users enable the functionality on their accounts.

"Businesses should be identifying users in their environments who have Dropbox installed on their systems and either force them to remove it or enable two-factor authentication," says Tim Erlin, director of security and risk at Tripwire, a cyberthreat detection company.

The incident appears to be a scare tactic, because Dropbox claims there's been no compromise, says Chris Boyd, an analyst at Malwarebytes, an anti-malware firm. "Anyone can post extravagant claims to Pastebin," he says. "While there's no harm in changing a password once word of a potential breach gets out, we shouldn't panic and wait until more concrete information comes to light."

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.