Dropbox has assured users it has not been hacked, despite the recent leaking of hundreds of usernames and passwords on text-sharing site Pastebin.
The alleged user details have been posted within three documents on the anonymous website, and the person behind the account in question claims to have hacked into around seven million accounts through a third-party service in order to retrieve and share the data.
To fund their efforts, the hacker' has asked for Bitcoin donations.
"We will keep releasing more to the public as donations come in, show your support," the user wrote on Pastebin.
As reported by The Next Web, a number of the examples posted had already expired: "Dropbox has not been hacked," the company told the site.
Further responding to the incident, a spokesperson for Dropbox said: "These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.
"We'd previously detected these attacks, and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."
Dropbox assured worried users that it resets passwords on accounts thought to be affected by suspicious activity,' and did so a number of months ago.
Edward Snowden recently urged security-conscious users to steer clear of services such as Dropbox, after previously calling it "hostile to privacy."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
I love magic links – why aren’t more services using them?Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential securityNews Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrencyNews The hackers behind the LastPass breach are on a rampage two years after their initial attack
-
GitHub launches passkeys beta for passwordless authenticationNews Users can now opt-in to using passkeys, replacing their password and 2FA method
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectorsNews Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
-
No, Microsoft SharePoint isn’t cracking users’ passwordsNews The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacksNews The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
