Dropbox Users Attacked, but Company Denies Breach
NEWS ANALYSIS: Was this a case of password reuse? Employing unique username/password combinations and two-factor authentication helps minimize risk.The popular Dropbox cloud file storage service is denying allegations that it was hacked, as an anonymous source leaked information Dropbox account holders. The anonymous allegation against Dropbox was publicly posted on Pastebin and claims that 6,937,081 Dropbox accounts were hacked, though initially only 400 Dropbox accounts were publicly posted. The anonymous Pastebin poster has requested Bitcoin donations to release more Dropbox user information. For its part, Dropbox is refuting the claim that it was hacked and has stated that its users' content is safe. "The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox," the company wrote in a blog post. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox."
Dropbox added that it has policies in place to help detect suspicious login activity to help protect users. When suspicious logins occur, Dropbox can reset the user's password. Additionally, Dropbox suggests that users employ two-factor verification to provide an additional layer of protection to their accounts. With two-factor verification, the username and password is supplemented by a second factor (or password) that is generated via a mobile text message to the user's phone.