I don’t know if you realize this, but yesterday afternoon an anonymous user claimed that approximately 7 million Dropbox accounts were hacked. The user posted about 400 allegedly hacked Dropbox usernames and passwords to pastebin.com as a teaser and promised future leaks would be commensurate with Bitcoin donations. In other words, the more Bitcoins people donate, the more Dropbox accounts would be leaked to the public.
Here’s the deal…
The password leaks poured in via Reddit yesterday at around 4pm CDT and Reddit users have been swarming like maggots over the passwords, testing for active accounts.
Some Reddit users actually claim a few are valid; however, Dropbox adamantly denies that it was hacked.
Yesterday on the Dropbox blog, Anton Mityagin assured users that contrary to what the media is saying, Dropbox wasn’t hacked.
“The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox.”
I don’t know if Dropbox was hacked or not, and I’m not sure what Mityagin means by “unrelated services,” but one thing is for sure: if you have a Dropbox account, you need to do two things immediately, namely reset your password and enable two-step verification.
Two-step verification means that in order to log in to your account you’ll need to enter two things: one is your password and the other is a six-digit security code that gets sent to your mobile device. So even if someone steals your password, they can’t access your account without the mobile device.
It’ll take about 15 minutes to reset your password and enable two-step verification, but it could save you hours of headaches later. I’ve created a little guide on how to make passwords that are both strong and memorable, so I recommend you check that out too!
So what do you think about the alleged Dropbox hack? Did you see the password list? Most are very simple; when will people learn to use complex passwords?
Sound off in the comments!