Dropbox Denies Claims That It Was Hacked, Says Information Is Outdated

Chuck Bednar for redOrbit.com – Your Universe Online
Dropbox is denying reports their cloud-based service was hacked and that nearly seven million accounts were accessed, claiming outdated login credentials had actually been swiped from third-party programs.
According to Alex Heath of Cult of Mac, an anonymous individual claims to have cracked more than 6.9 million Dropbox accounts, gaining access to email addresses and passwords that had been listed in plain text in the process. He or she then posted several hundred online, promising to release more after receiving Bitcoin donations.
The alleged hack was revealed in a Reddit thread posted on Monday, and users in that thread reportedly confirmed the credentials of several accounts listed in the spreadsheet worked at the time of listing, said The Next Web’s Owen Williams. Williams added that it has not been confirmed where the information came from or how many users might be affected.
Each of the accounts listed in the first batch belonged to people whose email addresses started with the letter ‘B,’ noted CNET reporter Claire Reilly. A total of 400 email addresses and password combinations were posted at 4:10 CDT on Pastebin Monday, with the author of the post promising that more accounts would be published as he/she started receiving more Bitcoin.
However, a Dropbox spokesperson told various media outlets that the service “has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
In a blog entry that followed, Dropbox reiterated that the reports claiming the service had been hacked “aren’t true” and that the usernames and passwords in question “were stolen from unrelated services, not Dropbox.” Furthermore, the company said it checked the credentials that had been posted online and verified they “are not associated with Dropbox accounts.”
While Dropbox assured users it had “measures in place to detect suspicious login activity” and that it “automatically reset passwords” when breaches do occur, it also emphasized that “attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”
Darren Pauli of The Register wrote on Tuesday that he had checked the nominated account and found that no one had paid. He added that the “failed fleecing serves as a timely reminder to never pay money into Bitcoin wallets listed on Pastebin.”
This alleged hacking incident comes shortly after Dropbox revealed that some user files had been accidentally deleted by its Selective Sync application, said Chris Duckett of ZDNet. Those incidents occurred when the Dropbox desktop application was shut down and restarted while using Selective Sync settings, the company said. Affected users are being compensated for their troubles with a free year of Dropbox Pro, Duckett added.
—–
Shop Amazon – Hot New Releases – Updated Every Hour
—–