dropbox
Popular online storage locker and cloud storage Dropbox appears to be the among the latest in a series of high profile target’s being hacked and to have the contents dumped online.  A series of posts made available on PasteBin is said to contain the login credentials for hundreds of Dropbox accounts.  

The poster goes on to claim that all together there are 6,937,081 credentials that they have gained access to.  The hacker has posted 3 threads  of accounts and information at the time of this articles being published to PasteBin.  Several reddit users where the article first leaked are now stating having tested some of the leaked credentials and conform many are still working.

However further comments indicate that DropBox has set at Captcha code for each of these accounts.  At this time the passwords have not been reset.  Gizmdo is reporting that Drop box has already sent out password reset emails to any user whose info may have been compromised at this point.  Even if you haven’t been affected at this point its better safe than sorry.

In a statement to ArsTechnica Dropbox made this statement:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

It is HIGHLY suggested by all affected parties as well as this publication that you change you passwords immediately and turn on the two-factor authentication.

The Leaked lists came with a pledge that the leaked lists would continue if users would donate to Bitcoin.  At that point the hacker would release more users info.  The message reads as follows:

Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts

To see plenty more, just search on [redacted] for the term Dropbox hack.

More to come, keep showing your support

A word of caution to users of online cloud storage.  PLEASE REMEMBER, this is NOT LIKE PRIVATE storage that when you tun off your computer people cannot get to it.  It’s available on the web 24/7/365 for anyone that wants to make an attempt at gaining access to it.  Sure, some services encrypt the data, however many do not.

THINK about the files, your are placing or sharing in these locations and if you wouldn’t mind it showing up for everyone in the WORLD to see, then by all means leave it there.  If NOT after you have shared it the other user has retrieved it.  REMOVE IT from that online storage.  Archive it somewhere on your shelf in your home.