A cache of Dropbox login credentials were posted to Reddit yesterday, with hackers claiming that it's merely the tip of an iceberg containing more than seven million account usernames and passwords. According to The Next Web four Pastebin dumps contained hundreds of compromised details, with Reddit users claiming that many of said details were valid at the time of posting.
It's believed that the hackers posted the logins in order to solicit Bitcoin donations for the rest of the database, with a post stating:
Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on [Redacted] for the term Dropbox hack.
More to come, keep showing your support
To see plenty more, just search on [Redacted] for the term Dropbox hack.
More to come, keep showing your support
For their part Dropbox have responded by saying that the information posted thus far is from accounts which already had associated suspicious activity over the past months, and in the vast majority of cases have been updated to a new password in the intervening period. They also state that Dropbox itself wasn't hacked, rather a third party service which makes use of Dropbox logins were compromised; the number of stolen details has not been shared.
Although Dropbox periodically prompt for a new password whenever they detect suspicious activity on your account, it may now be sensible to update your passwords if you haven't done so recently. Additionally Dropbox offers 2-step authentication through SMS and a mobile app; you're unlikely to find a better excuse to sign up to it.
Source: The Next Web via Gizmodo
