A massive hacking of nearly 7 million email addresses and passwords in clear text associated with Dropbox accounts is leaked.
Is this new case of massive piracy? On Pastebin, a hacker on Monday released a list of 400 usernames (ie; email addresses) and passwords in clear text, which would come from the compromised accounts of Dropbox.
Just a taste since the individual claims to have booty exactly of 6,937,081 Dropbox accounts hacked. He promises future publications as donations in Bitcoins will flow. Moreover, it is also about photos, videos and other files besides an ID.
His appeal for donations has currently not been followed which is one transaction at 0.0001 bitcoins. Especially as Dropbox refutes any case of hacking of its systems.
"These usernames and passwords were stolen from third party services, not Dropbox. Attackers have used these stolen data to try to connect to sites including Dropbox credentials. We have measures in place to detect suspicious activities and we automatically reset passwords when this happens."
An update from the Dropbox blog that the published list of identifiers states, none of them were associated with Dropbox accounts. Previously, Dropbox had a slightly different speech to say that the passwords published were obsolete.
This case is reminiscent of the publication of 5 million Gmail addresses and passwords that had an impact on WordPress.com accounts. Services allegedly hacked are actually not directly involved, but there is a risk because of a practice of reusing users with the same password for multiple services.
At least for sensitive accounts, this practice should be avoided. As Google and Apple with iCloud, Dropbox also recommends the use of two-step verification.