Just weeks after the iCloud breach our online private areas appear to have suffered another public outing with hackers today claiming they have the usernames and login details for approximately 7 million Dropbox accounts.
- 400 Dropbox usernames and passwords appeared on Pastebin today in what looks like an effort to legitimise the claims, with hackers claiming that more will be shared if they receive Bitcoin donations.
- The information already published has been tested and confirmed as genuine, however the release could be an elaborate scam.
- The hacker/s claim to have access to photos, videos and other files.
- Dropbox is already aware of this security breach, and are forcing password resets for all users who have had their information exposed on Pastebin.
- Dropbox has not issued a formal press statement but is reported to have said that the information was stolen from a third-party source.
Dropbox Update (15.10.14)
- Dropbox have now issued a formal statement through their Blog, confirming that Dropbox wasn't hacked. The login details were stolen from an unrelated site and used to login to Dropbox and other services.
Moral to the story
Many people use the same email and password combination for multiple services which means when one thing is breached, the flood gates are open. Consider the repercussions of a hacker gaining entry to your Cloud services and applications (Gmail, Dropbox, Social Media etc). If you store information in any of these locations that you don't want made public, rethink your approach to passwords. Do not use the same email and password combination for multiple applications and use two stage verification where possible (Dropbox has this functionality). Check out our expert guide on hackproof passwords.