A list of account credentials (including passwords) claimed to be for hundreds of Dropbox accounts have been posted online.
The anonymous hackers claim to have the login information for 7 million accounts and are releasing the details of more users as they receive Bitcoin donations. However, a Dropbox spokesperson has reassured users of the service that their accounts are not at risk.
“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
They also noted that all the passwords in the list are no longer in service, and haven’t been for some time. This is good news if anyone reading this uses the cloud storage service. However, Dropbox are encouraging their customers to change their passwords and turn on two-factor authentication, just to be safe.
The information was first posted to online news and social networking forum Reddit. Dropbox has since claimed that the password information on the list is out of date, and while the email address for the account won’t have changed, the passwords will have been reset due to suspicious activity.
With that in mind, users have been advised to follow Dropbox’s guidance and enable its security features on your account.
This story emerged shortly after a similar 3rd party Snapchat website breach, which revealed images that were meant to self-destruct.
What these two developments mean for iPhone users, is that users of these apps and services should monitor their cloud-stored data and activate two-step authentication on these services where possible.