A thread recently surfaced on Reddit that contained links to files containing hundreds of Dropbox usernames and passwords in plain text, while at this point, its origins remain unclear. Supposedly, hackers are threatening a major breach in Dropbox security, claiming to have stolen the log-in credentials of nearly 7 million users. If their Bitcoin ransom is paid, the cyber criminals are promising to release more password details.
How many victims? The log-in details for 400 email addresses, each one starting with the letter B, have been labeled as a “first teaser… just to get things going.” In what may appear to be part of a much larger-scale Dropbox hack, the hackers claim to have accessed details from 6,937,081 individual accounts.
What information was breached? It remains uncertain as to how the account details were accessed and of course, whether or not they are actually valid. However, the hackers are believed to be in possession of various user photos, videos and other files.
When did it happen? An entry on Pastebin was posted on October 13 at 4:10pm CDT with a link to the list of emails and matching plain text passwords.
What they’re saying: Dropbox has issued a statement on its blog emphasizing that the passwords were stolen from “unrelated services.”
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling two-step certification to your account.
Despite its legitimacy, this incident highlights the increasingly common way hackers are using to gain access to identity credentials, such as usernames, passwords and other personal information. With the number of breaches on the rise and security at our core, learn how Atmel has you covered.