In what may be the thin edge of the wedge, a Reddit thread has popped up in which it is claimed readers will find hundreds of Dropbox credentials, leaving a huge number of the online storage firm’s users potentially wide open to having their accounts compromised.
The thread, which links to four individual Pastebin files supposedly laden with the usernames and passwords, also includes a message saying that the few hundred leaked credentials are just the start, with up to 7,000,000 accounts having been compromised. Finding the remainder is apparently just a simple case of knowing the right search term.
Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts. To see plenty more, just search on [redacted] for the term Dropbox hack.
At this point we’d suggest you head straight over to Dropbox and change your passwords just in case, and while you’re there it wouldn’t hurt to turn two-factor authentication on if it isn’t already enabled. In fact, go and turn two-factor authentication on for any service you use that supports it. Do that now. We’ll wait for you to come back.
Dropbox has been quick to deny that any hack of its servers took place, and that the majority of the credentials being handed out have already been disabled, with Dropbox having sent emails to affected users months ago. It seems, according to Dropbox at least, that the weak link in its security was actually one of the many third-party services that we give our Dropbox usernames and passwords to on a daily basis.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Regardless of the source of the incident, or who’s to blame for it, this recent turn of events highlights not only the need for strong passwords, but also to change them on a regular basis. If these credentials were indeed compromised some time ago, regular password changes would mitigate the impact. We know nobody enjoys changing passwords, but doing it before such incident takes place has to be more fun than doing it after one.
You may also like to check out:
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.
