Breach Brief: Hundreds of Dropbox accounts leaked after third-party hack

A thread recently surfaced on Reddit that contained links to files containing hundreds of Dropbox usernames and passwords in plain text, while at this point, its origins remain unclear. Supposedly, hackers are threatening a major breach in Dropbox security, claiming to have stolen the log-in credentials of nearly 7 million users. If their Bitcoin ransom is paid, the cyber criminals are promising to release more password details.

How many victims? The log-in details for 400 email addresses, each one starting with the letter B, have been labeled as a “first teaser… just to get things going.” In what may appear to be part of a much larger-scale Dropbox hack, the hackers claim to have accessed details from 6,937,081 individual accounts.

What information was breached? It remains uncertain as to how the account details were accessed and of course, whether or not they are actually valid. However, the hackers are believed to be in possession of various user photos, videos and other files.

When did it happen? An entry on Pastebin was posted on October 13 at 4:10pm CDT with a link to the list of emails and matching plain text passwords.

What they’re saying: Dropbox has issued a statement on its blog emphasizing that the passwords were stolen from “unrelated services.”

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling two-step certification to your account.

Despite its legitimacy, this incident highlights the increasingly common way hackers are using to gain access to identity credentials, such as usernames, passwords and other personal information. With the number of breaches on the rise and security at our core, learn how Atmel has you covered.

Breach Brief: Kmart victim of month-long data breach

Kmart has became the latest retailer to announce a breach in its payment systems.

How many victims? The company did not indicate how many stores were affected or how many customer credit cards were potentially compromised but said the malware had been removed.

What information was breached? The affected systems contained payment card customer names, numbers and expiration dates. The company has no evidence that other customer personal information, such as social security numbers, PINs and email addresses, was compromised as a result of this malware infection.

When did it happen? Sears Holdings Corp. announced that it detected a data breach at its Kmart stores that began in September 2014, affecting certain customers’ credit and debit card accounts.

What they’re saying: “Our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems,” Sears Holdings said in a statement.

Kmart has apologized to the public and said it was in the process of working with federal authorities, banking partners and security firms in an ongoing investigation into the hacking. The Secret Service was among the agencies in the probe, a spokesman said. Earlier this summer, the Secret Service estimated that nearly 1,000 American merchants were affected by this kind of attack, and that many of them may not even know that they were breached.

With the number of breaches on the rise and security at our core, learn how Atmel has you covered.

Breach Brief: Dairy Queen says 395 stores hit by data breach

Dairy Queen is the latest company to get hit by a security breach, confirming that nearly 400 locations (and one Orange Julius location) were compromised by Backoff malware in August.

How many victims? The credit and debit card systems of 395 Dairy Queen locations were infected with the infamous Backoff malware that has targeted retailers around the country, Dairy Queen said in a news release.

What information was breached? The affected systems contained payment card customer names, numbers and expiration dates. The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.

When did it happen? While the time period for each store affected varies by location, some breaches began as early as August 1, 2014 and ended as late as October 6, 2014.

With the number of breaches on the rise and security at our core, learn how Atmel has you covered.