According to reports, hundreds of Dropbox usernames and passwords were leaked online as a preview to a larger alleged leak of 7 million accounts.
As The Next Web reports, a thread appeared on reddit pointing to files with the leaked account details, saying, “Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts. To see plenty more, just search on [redacted] for the term Dropbox hack. More to come, keep showing your support.”
According to Dropbox, it hasn’t been hacked, and any such account details have been obtained from third-party services. The company addressed the situation on its blog, saying that it wasn’t hacked:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
In a update to the post, it added:
A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.
Long story short, it’s probably a good time to reset your passwords across the various online services you use, and to make them all different this time.
Image via Dropbox