Earlier today, hundreds of usernames and passwords were posted on Reddit by hackers claiming that the login credentials were taken from “the massive hack of 7,000,000 accounts” on Dropbox. But the cloud storage company said that its service was not hacked.
The password and username pairs were published by hackers who asked for Bitcoin donations for more purported Dropbox logins to be leaked.
It’s unclear how the account details were obtained. But Dropbox, in a new post on its official blog, said that they were harvested from other services and that its own service was not compromised in the alleged hack:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place measures (sic) that detect suspicious login activity and we automatically reset passwords when it happens.
Still, some of the leaked credentials were reported to have been used in successfully logging in to Dropbox.
In any case, if you have an account on Dropbox, you’re encouraged to change your password and, better yet, enable two-step verification. Just like Apple’s recently instated iCloud security measure, Dropbox’s two-step verification allows logging in to a new device or app only after completing an additional authentication step using another trusted device.