Fear not, Dropbox users. Claims that hackers stole nearly 7 million username-and-password combinations from popular cloud storage service Dropbox are not true, according to a company spokesperson. Hundreds of supposedly stolen usernames and passwords were posted to Pastebin on Monday, with the poster saying that his or her group of hackers had stolen around 7 million of them. What did they want? Bitcoins in exchange for more revealed usernames and passwords. In a statement, Dropbox claimed that none of the data was stolen from its service:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
The company used the incident as a healthy reminder for people not to use the same password for everything and to enable two-step verification.
IN-DEPTH
- Hack-Proof Your Life: A Guide to Internet Privacy in 2014
- Inside the Psychology of Celebrity Hackers: 'It's a Badge of Honor'
- Kill the Password: Why a String of Characters Can’t Protect Us Anymore (Wired)