Passwords from a supposed pool of 7 million
Dropbox accounts have allegedly leaked by hackers, though Dropbox denies its service has been hacked. A thread on Reddit linked to batches of account credentials, with the user hoping to receive Bitcoin donations for the leaks, though the exact source of the leaked account details is unknown.
The Next Web reports that some Reddit users seemingly confirmed some of the released credentials were active, though this could be seen as an attempt to make the leaks "valid" and in turn valuable.
In a
statement, Dropbox advises that the claims about the passwords coming from its servers "aren't true. Your stuff is safe." The usernames and passwords were apparently "stolen from unrelated services, not Dropbox," with attackers then using the credentials to attempt to log into various services, including Dropbox itself. "We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens." The company recommends that users enable two-step verification on their accounts, and strongly encourages users not to reuse passwords across multiple services.
This is the second incident involving Dropbox this week. Yesterday, it was revealed some older desktop clients for the service with Selective Sync enabled had some of their files randomly deleted.
Engadget writes that Dropbox is restoring files where it can, and affected users are being offered a year of
Dropbox Pro as compensation.