On Monday, hundreds of logins and passwords were posted to Pastebin, with the author claiming they came from Dropbox – and that there were almost 7 million more where that came from. He asked for Bitcoin donations in exchange for posting more:
6,937,081 DROPBOX ACCOUNTS HACKED
PHOTOS – VIDEOS – OTHER FILES
MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN
As more BTC is donated , More pastebin pastes will appear
To find them, simply search for “DROPBOX HACKED” and you
will see any additional pastes as they are published.
FIRST TEASER – 400 DROPBOX ACCOUNTS Just to get things going…
Dropbox, the premiere cloud storage service for consumers, said late last night that the logins didn’t come from a hack of its servers. Instead, it was from third party services, and the logins were then tested across the Web, including at Dropbox.
But the company insists your data is safe:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Dropbox recommends turning on 2-step verification, in which a code is sent to a cell phone to confirm access to its website, or when a new device is added to an account. Whenever this is offered as a security feature, you should use it. If you’re a Dropbox customer, set it up now.
It’s also be a good idea to change your Dropbox password and – as always – don’t use the same password at multiple sites. If you do so and one service is compromised, then so is every other service where you’ve used that password.
[Spotted at The Next Web]