Following recent allegations that the file hosting service Dropbox was hacked, the company has responded by announcing the leaked database of nearly seven million login credentials was stolen from “unrelated services, not Dropbox.”
Millions of plaintext usernames and passwords were reportedly made publicly available on Pastebin Monday evening, with the guest poster claiming there were “more to come” if users sent Bitcoin donations.
Dropbox responded to the incident by stating the allegations of the compromise are false. “Your stuff is safe,” said Anton Mityagin of Dropbox in a blog post. The company believes the login credentials came from other services, instead:
“Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
According to Dropbox, a subsequent list of usernames and passwords posted online has been verified to not be associated with Dropbox accounts.
The cloud storage company strongly encourages users to refrain from reusing passwords across different services, as well as enabling 2-step verification on accounts.
Read More Here…