Skip to main content

Dropbox hit in password leak, though its own servers remain secure

Samsung Galaxy 2 dropbox
Image used with permission by copyright holder
Dropbox has been targeted by hackers who claim to have login details for nearly seven million of its accounts.

To prove the authenticity of its attack, hackers on Monday posted on the Web hundreds of Dropbox username and password details in plain text, with a request for Bitcoin donations for further posts revealing more of the data, TNW reported.

In a statement to Digital Trends, Dropbox insisted its servers had not been hacked, and that “these usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.” It declined to say from which services the data had been stolen.

The cloud storage company added, “We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now.”

Dropbox said it’d already forced a password reset for those affected, though as a precautionary measure all users of the service would be wise to change their passwords now, and also to activate two-step authentication if they haven’t already done so. Two-factor authentication, which can be set up in just a few clicks, adds another layer of security to an account by asking for a six-digit security code at login, in addition to the password.

It’s been a rough 24 hours for Dropbox. Earlier in the day it admitted that a bug in some older versions of its desktop app had caused the deletion of files belonging to “a small number” of Dropbox users. A message sent to those affected suggested the company has been able to restore most of the deleted files, though it appears some may have been lost forever.

Both issues come just days after whistleblower Edward Snowden said Web users should avoid using Dropbox, as well as Google and Facebook, citing data protection and privacy concerns.

Speaking via video link from his hideout in Russia, the former NSA contractor suggested users ditch Dropbox because of its lack of local encryption.

In a blog post earlier this year, Dropbox outlined its approach to online security, reassuring users that data is encrypted on the company’s servers and also while in transit. However, if a user wants to encrypt the files on their own computer, a third-party solution is needed.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more
Millions of real estate records were publicly accessible due to lax security
Stock photo of lock and data

A major financial services company, First American Corporation, has left millions of records publicly accessible on its servers. The data included bank account details, bank statements, mortgage records, driver's license images, and Social Security numbers, and was available to access without authorization by anyone who connected to an area of the company's website.

The company provides title insurance and settlement services, and is a major player in the real estate and mortgage industries. The publicly accessible data was discovered by a real estate developer who reported it to the company but got no response. He then shared the finding with an online security blog.

Read more
Leaked pics suggest Ecobee is adding a smart home security camera to its lineup
ecobee leak security camera blue

Leaked pictures of a sleek black-and-silver, conical Ecobee-branded camera turned up on Zatz Not Funny this week. Okay, it’s not exactly a surprise, but more like an inevitable addition to Ecobee’s lineup that nearly everyone in the smart home technology market has expected for some time.

Why is a new camera from Ecobee not a surprise? For starters, the company’s flagship product has always been its smart thermostat, closely followed by the smart light switch it recently added to its growing lineup, so a smart security camera — which has a lot of competition partially because the base technology really isn’t that hard to stitch together — isn’t a particularly huge stretch.

Read more