An unnamed hacker group is claiming that it has accessed 6,937,081 Dropbox accounts. Hackers posted the accounts with plain text passwords onto Pastebin.com, in what appear to be working logins according to a significant number of social media reports and Reddit users confirming working logins.
The Pastebin message at the top of one of the leaks is as follows:
“Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on pastebin for the term Dropbox hack. More to come, keep showing your support”
However, Dropbox has issued a statement denying that this breach occurred on its end, saying that Dropbox itself was not attacked, but rather a third-party service that had stored user credentials:
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”Dropbox says it performed password resets when it detected ‘suspicious activity’ on these accounts a few months ago. We’re investigating claims on Reddit that commenters were able to use the leaked credentials found on Pastebin.