YouWhat
New member
A posting on pastebin has appeared containing user data of what is claimed to be nearly 7 million accounts on DropBox, this includes usernames and passwords, offered as proof of this, the user who posted this has offered up around 420 usernames and passwords.
I appears that this threat has legitimate standing and DropBox has taken action in the form of forcing every user to change their password upon successful completion of the login, and from what has been reported, any use of any app, or third party app to access the account will inform you of the password being expired.
Even though DropBox has appear to have taken action very quickly in this case, it will no doubt lead to hurt them within an already fragile industry where competition if rife and there are many competitors within the same market for your business and files.
For those users who use one password on multiple site, this could lead to further compromises on their account if their information is within the data that is now out there in the wild, and should hopefully serve as a warning to them as to how easily things online can get compromised through new exploits that are discovered on a daily basis.
As of yet Dropbox has not released any information on how this breach has occurred, nor has released any statement, but does lead to some worrying questions about them such as how they store the user information, and why are user passwords were stored in plain text format?
UPDATE
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
The above information was taken from the Dropbox blog, and link a 3rd party for the part of where the user and password information came from. Dropbox has said that the information that was leaked was outdated and worthless, but other sites has tried some of the leaked information for user accounts, and has verified that the information is real and they was able to access several accounts.
Attachments
Last edited by a moderator: