Post by Admin on Oct 14, 2014 7:39:15 GMT -9
Dropbox: Calm Down, We Weren't Hacked
BY STEPHANIE MLOT OCTOBER 14, 2014 11:10AM EST5
Hundreds of alleged usernames and passwords were posted online this week, but Dropbox said it wasn't hacked.
Hundreds of alleged Dropbox usernames and passwords were posted online this week, but Dropbox says its systems were not hacked.
On Monday, a Reddit thread surfaced, containing links to files with hundreds of Dropbox account details, showcasing usernames and passwords in plain text.
A post on Pastebin said hackers got their hands on 7 million Dropbox accounts. To start, it posted data about 400 accounts, and said it would release more if people donated bitcoin.
But Dropbox denied it was hacked, instead blaming third-party services for the leak.
"Your stuff is safe," Anton Mityagin, member of the company's security team, wrote in a blog post. "The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox."
The attackers, he said, used stolen credentials to try to log into sites across the Web, including Dropbox.
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services," Mityagin said, adding that Dropbox automatically resets passwords when suspicious login activity is detected.
Those emails and passwords posted online, meanwhile, "are not associated with Dropbox accounts," Mityagin added.
The cloud-based service encouraged all users to change their passwords, as well as enable two-factor authentication, which Dropbox has been using for more than two years, as an added layer of protection. The feature requires users to input an extra security code sent to your phone by text message, or generated using a mobile authenticator app.
BY STEPHANIE MLOT OCTOBER 14, 2014 11:10AM EST5
Hundreds of alleged usernames and passwords were posted online this week, but Dropbox said it wasn't hacked.
Hundreds of alleged Dropbox usernames and passwords were posted online this week, but Dropbox says its systems were not hacked.
On Monday, a Reddit thread surfaced, containing links to files with hundreds of Dropbox account details, showcasing usernames and passwords in plain text.
A post on Pastebin said hackers got their hands on 7 million Dropbox accounts. To start, it posted data about 400 accounts, and said it would release more if people donated bitcoin.
But Dropbox denied it was hacked, instead blaming third-party services for the leak.
"Your stuff is safe," Anton Mityagin, member of the company's security team, wrote in a blog post. "The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox."
The attackers, he said, used stolen credentials to try to log into sites across the Web, including Dropbox.
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services," Mityagin said, adding that Dropbox automatically resets passwords when suspicious login activity is detected.
Those emails and passwords posted online, meanwhile, "are not associated with Dropbox accounts," Mityagin added.
The cloud-based service encouraged all users to change their passwords, as well as enable two-factor authentication, which Dropbox has been using for more than two years, as an added layer of protection. The feature requires users to input an extra security code sent to your phone by text message, or generated using a mobile authenticator app.