Login details to over 7 million accounts on file sharing service Dropbox have been stolen, with the hacker requesting Bitcoin for the disclosure of information.
The details were posted in a Pastebin document, followed by several more posts which were since revealed to be fakes.
In a statement issued on its official blog shortly after the leak, Dropbox denied the breach, saying user credentials were scraped from unrelated services and tested on numerous websites for compatibility.
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Dropbox has already reportedly forced a password reset for the affected accounts, according to The Next Web. But just to be on the safe side, those of you who use Dropbox may want to change your password at this point. And here’s how…
Log into your account at Dropbox.
Click the link for your name in the upper right corner and click the link for Settings.
At the Settings screen, click the tab for Security.
In the Security section, click the link to Change password.
In the Change password window, type your current (old) password and then type your new password. Click the Change password button. Dropbox then flashes the following message at the top of the screen: “Password changed successfully.” And that’s pretty much it.