If it’s a case of simple password cross-pollination (i.e. It also says no actual accounts were compromised as a result of the leaked credentials. But Dropbox’s statement confirms the initially posted credentials are - or rather were - genuine account logins for its service. It’s unclear exactly which other website(s) or service(s) is the source of the security breach.
All other remaining passwords have been expired as well. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now.
These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. In an earlier statement given to The Next Web the company also noted that it had “previously detected these attacks”, adding that “the vast majority of the passwords posted have been expired for some time now”:ĭropbox has not been hacked. For an added layer of security, we always recommend enabling 2 step verification on your account. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.Īttacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Recent news articles claiming that Dropbox was hacked aren’t true. In a post on the company Blog - unequivocally entitled ‘ Dropbox wasn’t hacked‘ - Dropbox’s Anton Mityagin writes: Rather the culprit looks like password reuse across other web services. However unlike Snapchat it appears services using Dropbox’s API were not to blame here. We’ve checked and these are not associated with Dropbox accounts.”Īs with the Snapchat hack, Dropbox has pointed the finger of blame for the 400 compromised accounts elsewhere - at “unrelated” third party services - stressing that its own security has not been compromised. In an update to a blog post about the attack Dropbox notes: “A subsequent list of usernames and passwords has been posted online. However these follow up pastes do not appear to be genuine. This leak has since been followed up with a couple more pastes (of around a hundred account credentials apiece). An anonymous Pastebin user has claimed to have compromised almost seven million Dropbox account credentials (emails and passwords), posting the first 400 direct to Pastebin with a call for Bitcoin donations to leak more. After last week’s Snapchat photo hack, it’s cloud storage provider Dropbox’s turn in the unsavory insecurity spotlight.
0 kommentar(er)
