Home > Cyber News > Dropbox Hacked… Again?

Dropbox Hacked… Again?

dropbox-hackedA new post release by an unknown hacker group in the text sharing Pastebin site today states that they have managed to steal more than 6 million user credentials from the famous share-cloud service Dropbox. The statement also says that the more Bitcoin donations are being made on a specific code, the more credentials the hackers will reveal. A teaser containing about 400 user e-mails was released in the message already as well.

Short after the release Dropbox have issued a statement, claiming that the credentials were not actually stolen from Dropbox’ servers but from other applications over the internet and an attempt for their usage on the cloud has already been detected by the company.

Your stuff is safe.’ A message in Dropbox official blog says, ‘The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.’
Most of the stolen credentials have already been expired anyway, the company states as well.

In a message board from 13 Oct, however, some of the Reddit.com users say that their usernames and passwords work, while others are claiming Dropbox is expiring the credentials at the moment. The information is controversial, the users continue, referring to previous Dropbox breaches which the company denied.
A “small number” of usernames and passwords were stolen again from Dropbox in 2012, stated the company back then, saying that they were taken out different than the cloud service applications as well. A year prior they had similar issues – they accidentally published a code in their official web-site allowing users to connect to Dropbox without using any credentials at all.

The best protection for all users as of now remains applying the two-factor authentication process on their accounts and installing a time-based, one-time password application on their mobile devices.

Another serious issue the company’s facing now is its Selective Sync application deleting user files and information from the cloud.

‘We’re reaching out to let you know about a Selective Sync issue that affected a small number of Dropbox users. Unfortunately, some of your files were deleted when the Dropbox desktop application was shut down or restarted while you were applying Selective Sync settings.’ an official e-mail to the company users says.

→’Our team worked hard to restore files that were deleted from your account. You can see which of your files were affected and whether or not we’ve been able to restore them on this personalized web page.We’re very sorry about what happened. There’s nothing more important to use than making sure your information is safe and always available. Our team has fixed the issue and put additional tests in place to prevent this from happening in the future.’

The users affected will be offered a free year of the Dropbox Pro service, compensating the losses, although the company has still not issued an official statement in their web-site or the social media.

Could the bug in Dropbox’ Selective Sync application and the hackers’ attack from today be connected?

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree