ID: IRCNE2014102347
Date: 2014-10-20
According to “ESecurityPlanet”, Unidentified hackers recently posted several hundred email address and password combinations for Dropbox accounts on Pastebin, claiming that a total of 6,931,081 accounts had been hacked and asking for Bitcoin donations.
"As more BTC is donated, more Pastebin pastes will appear," the hackers wrote.
In response, Dropbox security engineer Anton Mityagin stated in a blog post that Dropbox had not been hacked, and that any matching credentials were the result of password reuse, not a breach.
"Your stuff is safe," Mityagin wrote. "The usernames and passwords ... were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens."
In a statement provided to The Next Web, the company added, "We'd previously detected these attacks and the vast majority of passwords posted have been expired for some time now."
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services," Mityagin explained. "For an added layer of security, we always recommend enabling two step verification on your account."
Still, it may be difficult to do so in the short term -- several people posted comments on the Dropbox blog complaining that the two-step verification process wasn't working. "Dropbox says to enable 2-step auth... and it doesn't work," Josh S wrote. "Been trying it for 3 hours now. Never get the code."
In a similar breach last month, a hacker published login credentials for 4,929,090 Gmail accounts. In response, Google claimed that the leak was not the result of a Gmail breach.
"Often, these credentials are obtained through a combination of other sources," Google explained at the time. "For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others."
- 2