Popular online storage locker and cloud storage Dropbox appears to be the among the latest in a series of high profile target’s being hacked and to have the contents dumped online. A series of posts made available on PasteBin is said to contain the login credentials for hundreds of Dropbox accounts.
The poster goes on to claim that all together there are 6,937,081 credentials that they have gained access to. The hacker has posted 3 threads of accounts and information at the time of this articles being published to PasteBin. Several reddit users where the article first leaked are now stating having tested some of the leaked credentials and conform many are still working.
However further comments indicate that DropBox has set at Captcha code for each of these accounts. At this time the passwords have not been reset. Gizmdo is reporting that Drop box has already sent out password reset emails to any user whose info may have been compromised at this point. Even if you haven’t been affected at this point its better safe than sorry.
In a statement to ArsTechnica Dropbox made this statement:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
It is HIGHLY suggested by all affected parties as well as this publication that you change you passwords immediately and turn on the two-factor authentication.
The Leaked lists came with a pledge that the leaked lists would continue if users would donate to Bitcoin. At that point the hacker would release more users info. The message reads as follows:
Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on [redacted] for the term Dropbox hack.
More to come, keep showing your support
A word of caution to users of online cloud storage. PLEASE REMEMBER, this is NOT LIKE PRIVATE storage that when you tun off your computer people cannot get to it. It’s available on the web 24/7/365 for anyone that wants to make an attempt at gaining access to it. Sure, some services encrypt the data, however many do not.
THINK about the files, your are placing or sharing in these locations and if you wouldn’t mind it showing up for everyone in the WORLD to see, then by all means leave it there. If NOT after you have shared it the other user has retrieved it. REMOVE IT from that online storage. Archive it somewhere on your shelf in your home.
More Stories
Facebook Paying Social Media Users to Suspend Accounts Ahead of November Elections
Facebook is offering money to those who are willing to stop using Facebook and Instagram in the weeks before the...
Multiple nation-state groups are hacking Microsoft Exchange servers
Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers. (more…)
The rare form of machine learning that can spot hackers who have already broken in – MIT Technology Review
Darktrace’s unsupervised-learning models sound the alarm before intruders can cause serious damage. — Read on www.technologyreview.com/s/612427/the-rare-form-of-machine-learning-that-can-spot-hackers-who-have-already-broken-in/
Hackers Delete Thousands of Dark Web Pages • Digit
Hackers have permanently deleted 6,500 hidden services that were hosted on the Daniel's Hosting dark web server. — Read on...
Mining Botnet Conscripts 5000 Android Devices
A fast-moving botnet that appeared over the weekend has already infected thousands of Android devices with potentially destructive malware that...
Surviving Electmageddon: Protecting against a wave of DNS outages
This is a re-print of an excellent article posted this week regarding setting up multiple DNS addresses. To protect...