Dropbox serves over 100 million users. If you're one of them, your account might have been compromised.
A thread over at Reddit offered up 400 Dropbox usernames and passwords and included a note that over seven million accounts were compromised. Without much to go on, news articles started popping up claiming that Dropbox was hacked. With false reports continuing to spread, Dropbox took to its blog to post the following statement:
Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
A further look at the released usernames and passwords shows that the sample leak only contained usernames that started with the letter B. Dropbox is taking precautionary measures and advising that everyone change their passwords.
It's important to highlight the fact that Dropbox claims it is not to blame for a lack of security. Dropbox claimed that the account information leak was the result of third-party applications being compromised.
If the note about 7 million compromised accounts holds true, this will be another big hit to popular services. Previously, Apple's iCloud and Facebook's Snapchat both had user accounts compromised.
So far, the hacks have not resulted in companies being blamed for a lack of security measures. In fact, companies like Google are having lawyers point fingers their way. It will be interesting to see if the same will happen to Reddit, despite the fact that it was not responsible for the hack, in the same manner that Google was not responsible for the iCloud leak.
Source: Dropbox, via iMore