Dropbox Wasn't Hacked, Says Dropbox as Passwords Hit the Web

TMCnet Feature

October 14, 2014

By Steve Anderson
Contributing TMCnet Writer

It was the kind of thing software users never want to see: a thread emerged on Reddit recently with a set of links to files that contained hundreds of username and password combinations for Dropbox accounts. Normally, such a discovery would be followed by an announcement from the company in question about a breach, complete with advisories to change passwords quickly. This time, though, something is different: Dropbox itself says that it was not hacked, even though the results of a hack do seem to be present.


The Reddit thread contained, at last report, links to a set of Pastebin files that held username and password combinations in plain text. The user who posted the files reportedly described them as “teases” for a much larger leak and began to solicit Bitcoin donations in exchange for the rest of the information. Reportedly, the leak encompassed fully seven million accounts, and reports suggest that the credentials presented by the leak had been confirmed.

This led more than a few to turn their gaze squarely in Dropbox's direction, wondering how seven million accounts had been leaked without so much as a note from Dropbox. Dropbox subsequently responded that it had not been hacked at all, but rather that the information in question had been taken from a set of third-party sites. Dropbox also notes that the usernames and passwords in question are generally expired, and that it launched password reset procedures a few months ago when it first detected what was called “suspicious activity” on the accounts.

So what does this mean for the regular user? One, keep calm; among the seven million accounts allegedly hit, it's a fair bet that any given active user's account may not be included. Two, despite this, it may be a good idea to bump up the password rotation a bit and change the password now. Three, for those considering the use of third-party apps in general, not just for Dropbox, it may be a good idea to think twice. Such services may offer useful, valuable tools, but security is always a concern. Further, some reports suggest that users who had enabled two-factor authentication were comparatively unharmed, as it was mainly usernames and static passwords that were released. That lends a little extra credence to two-factor authentication as an excellent secondary layer of security, even if it's somewhat more complicated to use than a straight username and password combination.

So for right now, there could be a huge amount of account data floating around out there. This could be a scam to raise Bitcoin for a particularly enterprising hacker. This could be the wake-up call some needed to strengthen security on online systems. Only time will tell what the full effects of this development are, but for now, it looks like a learning experience for most and a terrible day for some.




Edited by Alisen Downey

