Popular online cloud storage provider, DropBox, appears to have had seven million username and password credentials leaked on the internet. A series of posts on Pastebin were released late Monday, revealing login information for hundreds of accounts, with the post claiming to have 6,937,081 account credentials compromised.
A Reddit thread brought attention to what they believed to be a possible hack or data breach of the cloud storage provider. Reddit users claim to have tested some of the credentials and confirmed at least some of them are working. DropBox seems to have bulk reset all accounts appearing on the pastebin leaks, though accounts do not appear to have had their passwords reset as of yet.
According to The Next Web, DropBox says the company performed password resets when it detected ‘suspicious activity’ on these accounts a few months prior.
Hackers claim they will release more of the nearly seven million DropBox accounts if they receive donations to their bitcoin address. Appearing to nearly be holding the account information of millions ransom.
DropBox has told a number of sources their service was not compromised nor did the company suffer any form of a data breach. DropBox told ARS Technica the following:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
While DropBox was not hacked, there is a good probability that someone has a huge cache of DropBox credentials waiting to be leaked. DropBox claims to accounts were stolen from other services, which may have been the result of another company data breach or password reuse. This is a timely reminder that it is never a good idea to reuse passwords on any number of websites.
It is highly recommended that you change your password and use a form of two-factor authentication to prevent unwanted logins or future attacks. Due to the high volume of password rests DropBox is currently encountering, the system appears to struggling to process the change in a timely manner.