Dropbox denies server hack as nearly 7 million account details leak

A hacking group has claimed that it has access to 6,937,081 Dropbox accounts with usernames and passwords, according to ZDNet. The first 400 log-in combinations were posted to Pastebin, with more to follow in return for payment in Bitcoin.

With a membership of over 220 million users, a leak of 7 million log-in details does not register as a widespread breach of the site, accounting for around 3 percent of the userbase.

Dropbox has issued a statement denying that the leak is a result of the company being hacked, stating: “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.”

The company encourages security conscious individuals to enable two-factor authentication on the site, which makes digital accounts markedly safer by requiring the entry of a one-time generated six digit code when accessing the site from a new device. You can read more about the benefits of two-factor authentication on We Live Security here.

The Dropbox statement goes on to suggest that the majority of the passwords are either old, or in the process of being blocked: “We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

ZDNet reports on a mixed response to whether the log-in credentials work, stating that: “for what it’s worth some Reddit users have said that the login credentials work, while others report that Dropbox is expiring the passwords on the affected accounts.”

Perhaps because of this, as of October 14, The Register doesn’t believe anyone has taken up the hackers on the offer of more accounts: “The Reg’s check of the nominated account reveals no on has paid.”

Gil C / Shutterstock.com

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.