Dropbox denies claims it was hacked

[Windsorlou]

Dropbox denies claims it was hacked

PUBLISHED : Wednesday, 15 October, 2014, 11:01pm
UPDATED : Thursday, 16 October, 2014, 4:08am

The Guardian

Dropbox denies claims it was hacked

Dropbox has denied claims that hackers broke into its systems and stole seven million usernames and passwords, which they are now threatening to leak.

Several hundred usernames and passwords were posted by the hackers on the text-sharing site Pastebin, claiming them to be a small sample of the logins taken directly from Dropbox servers.

The hackers are requesting Bitcoin "donations" to release the rest of the Dropbox user data.

"Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox," Anton Mityagin, who is part of Dropbox's security team, wrote in a blog. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens."

Mityagin said subsequent lists of usernames and passwords were not connected with Dropbox accounts.

Password reuse is blamed for some of the leaked details being seemingly coincidentally valid for Dropbox. It is unknown how many of them worked, but Dropbox has since revoked any that it found to be valid.