Hackers claim to have accessed 7 million Dropbox accounts
Dropbox said third-party services were to blame after hackers released 400 emails and passwords Monday. The hackers asked for Bitcoin to post more accounts, just one week after nearly 200,000 Snapchat images were illegally accessed through other applications.
NEW YORK DAILY NEWS
Tuesday, October 14, 2014, 3:10 PM
While Dropbox allows users to share items online, some of its clients' information has been shared on the Web without their permission: their emails and passwords.
Just one week after hackers accessed 200,000 Snapchat images through other applications, an anonymous Pastebin user claimed to have accessed nearly 7 million Dropbox account log-ins in a post Monday. The hacker listed 400 account credentials and calls on readers to donate Bitcoin to have more emails and passwords released.
Dropbox confirmed the leaked log-ins were real accounts, but said the company was not hacked, a security employee named Anton Mityagin wrote on the company's blog. Instead, the passwords were taken from "unrelated" third-party services. Because customers often reuse passwords for various Web services, hackers were able to use stolen passwords to log in to multiple sites, including Dropbox.
But many of the posted accounts are no longer valid, according to company representatives.
The company told The Next Web that it had "previously detected these attacks" and the "vast majority of the passwords posted have been expired for some time."
On Dropbox's blog, Mityagin wrote, "Your stuff is safe….We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens."
The hacker posted more emails and passwords later on Monday, but Dropbox said those were not real accounts.
"We've checked and these are not associated with Dropbox accounts," Mityagin said in the updated blog post.
The company did not identify which third-party services were breached. But it recommended that people use unique passwords for all accounts and enable two-step verification.
The hacker's post was still online on Tuesday afternoon and was the top trending update on Pastebin, with more than 162,500 views.
No comments:
Post a Comment