
Dropbox denies 7M account leak caused through server hack
NewsPoster
MacNN Staff
Join Date: Jul 2012
Oct 14, 2014, 06:50 AM
 
Passwords from a supposed pool of 7 million Dropbox accounts have allegedly been leaked by hackers, though Dropbox denies its service has been hacked. A thread on Reddit linked to batches of account credentials, with the user hoping to receive Bitcoin donations for the leaks, though the exact source of the leaked account details is unknown.

The Next Web reports that some Reddit users seemingly confirmed some of the released credentials were active, though this could be seen as an attempt to make the leaks "valid" and in turn valuable.

In a statement, Dropbox advises that the claims about the passwords coming from its servers "aren't true. Your stuff is safe." The usernames and passwords were apparently "stolen from unrelated services, not Dropbox," with attackers then using the credentials to attempt to log into various services, including Dropbox itself. "We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens." The company recommends that users enable two-step verification on their accounts, and strongly encourages users not to reuse passwords across multiple services.

This is the second incident involving Dropbox this week. Yesterday, it was revealed some older desktop clients for the service with Selective Sync enabled had some of their files randomly deleted. Engadget writes that Dropbox is restoring files where it can, and affected users are being offered a year of Dropbox Pro as compensation.
     
Teq
Fresh-Faced Recruit
Join Date: Mar 2010
Oct 14, 2014, 08:01 AM
 
What about third-party apps linked to the Dropbox account? Is there a chance those had access to unencrypted passwords?
     
qazwart
Junior Member
Join Date: Apr 2001
Location: Edison, NJ 08817
Oct 14, 2014, 11:17 AM
 
Third-party apps must use OAuth that prevents password leaks. It is very possible an evil OAuth app could steal a user's password, but that's unlikely.

More likely is that these passwords were used at other sites. The hackers found those accounts and passwords and tried them at other sites. If you look at the passwords that have been hacked, they're very simple. Not something a password program or Keychain would have created. The types of passwords shared from site to site.