Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin purporting to contain login credentials for hundreds of Dropbox accounts, with the poster claiming that altogether 6,937,081 account credentials have been compromised.
Reddit users who have tested some of the leaked credentials have confirmed that at least some of them work. Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though thus far other accounts do not appear to have had their passwords reset.
The hackers claim that they will release more username/password pairs if they receive donations to their bitcoin address.
We've asked Dropbox for comment. In the meantime, it's probably a wise idea to change your Dropbox password to a strong password, and if practical enable two-factor authentication. The service currently appears to be struggling to process password changes in a timely manner, however.
Update: Dropbox has sent us the following statement:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
via arstechnica.com
