(LiveHacking.Com) – News broke yesterday of an alleged hack on Dropbox that could have potentially leaked the passwords of millions of users. An anonymous hacker posted a few hundred usernames and passwords on Pastebin and claimed that they were for Dropbox accounts. The leaked list is for accounts with email addresses starting with the letter “b”. The opening text stated that Dropbox had been hacked and that the hacker had access to some 6,937,081 credentials. The hacker then asked for Bitcoin donations in exchange for more leaked passwords.
Dropbox was swift to reply to the allegations and said that recent news articles claiming that it was hacked weren’t true. “The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox,” wrote Anton Mityagin from Dropbox.
In a further update Dropbox said it had also checked a subsequent list of usernames and passwords that had been posted online, and that the second list was also not associated with Dropbox accounts.
If Dropbox is telling the whole truth, then it seems likely that the hackers have generated a list of user names and passwords from previous security breaches on non-Dropbox related sites and have tried their luck to see which users are using the same password on multiple sites. “Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services,” added Mityagin.
Dropbox users who have used the same password on their Dropbox account and on another websites should change their Dropbox password immediately. For an added layer of security, Dropbox users can also enable 2 step verification.