In what has been a month of monumental security breaches and cloud compromise stories, 400 Dropbox usernames and passwords appeared online yesterday in a leak that purports to give access to over 7 million accounts taken from Dropbox servers.
Dropbox, whose business model is anchored on secure storage of free and paid users' information, denied that there had been a breach and instead pointed to a third-party source from which the information was taken. Dropbox added that many of the passwords in question are outdated or no longer in use, but cautioned users to consider using two-step verification when putting information up on the service. Their statement follows.
Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Dropbox maintains it had previously detected the attacks, and that all passwords in the list are no longer in service, with a "vast majority" having been expired "for some time now." Here's how to enable two-step verification on Dropbox.
Source: Appleinsider