Dropbox Hacked

Was Dropbox hacked? According to Dropbox, absolutely not. The Internet lit up with reports that the popular cloud service was hacked, which potentially exposed millions of its users, but Dropbox quickly reassured its users that reports were false. Dropbox quickly came to its own defense and strongly rejected the claims.

According to The Next Web, an international, Internet technology online news provider, the leak was noticed on a site named Pastebin. The hackers released a list of 400 accounts and threatened to release more if it did not receive its requested Bitcoin ransom.

According to the hackers, they had more than 6.9 million email addresses and passwords that belonged to Dropbox users. A Reddit thread appeared online when the story was first uncovered. According to The Next Web, Pastebin had four files that linked to documents containing Dropbox usernames and passwords. An anonymous user that sought out Bitcoin donations for more leaks teased the posts. The hacker teased that he/she had more information, and continued financial support would result in more leaks. A few Reddit users reported that the information really worked. However, a more thorough investigation was not conducted to verify the validity of the grand, and expensive, claim.

Immediately, Dropbox issued a response on its site, forcing The Next Web to print an update to its initial report. The Dropbox statement stated that the site was not hacked.

Dropbox Response:

Dropbox wasn’t hacked

Posted by Anton Mityagin on October 13, 2014

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

“Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.”

There are a few concerns users can take away from the Dropbox story: reusing the same password on multiple sites and the threats of third-party sites. Many users are discouraged by trying to remember multiple passwords for multiple sites, but it is absolutely necessary to ensure your online privacy and to protect your data. Use passwords that are difficult to decipher, and consider using a password management system to assist you with remembering and frequently changing the information.

One of the most disturbing dimensions of the story is the risk of third-party sites. Too many services permit access to third parties. Third parties are often blamed for the security breaches, but the fact is, many services are not doing enough to vet the application and sites that are permitted to access their platforms.

Enjoy the benefits of the cloud without giving up your data to a third party service like Dropbox with MyWorkDrive.

Daniel, Founder of MyWorkDrive.com, has worked in various technology management roles serving enterprises, government and education in the San Francisco bay area since 1992. Daniel is certified in Microsoft Technologies and writes about information technology, security and strategy and has been awarded US Patent #9985930 in Remote Access Networking