Skip to main content

Dropbox denies hack after 7 million accounts are compromised

Hundreds of Dropbox account details have been leaked online via a Reddit thread today, but it has not been confirmed where they were obtained from.

The username and password pairs were shared in four Pastebin files, listed in plain text as "teases" for a full leak.

Read more: A guide for two-factor authentication: Which websites offer it, and how to set it up

The anonymous user behind the leak has asked for Bitcoin donations before continuing with further leaks, which are claimed to be part of a "massive hack of 7,000,000 accounts."

At the time of writing, multiple Reddit users confirmed that the credentials worked on multiple accounts listed, but it is not clear yet how many users have been affected.

However, Dropbox has come out quickly to dismiss speculation that it is to blame for the leak. In a statement to The Next Web, the cloud storage service claimed that the credentials were stolen from other, third party services.

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts," the statement read. "We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."

Read more: iCloud ain't broke, says Apple after nude celeb photo hack

Dropbox has confirmed that it issued password reset requests to these accounts several months ago after it detected suspicious activity. The company also reiterated that it encourages users to enable two-step verification and not to reuse passwords across services.