Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services 29
An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.
Don't reuse passwords, folks. (Score:5, Insightful)
This is why.
Re: (Score:2)
That's not something I'd describe as "reusing passwords".
Re:Don't reuse passwords, folks. (Score:5, Funny)
Yep - for dropbox I use ""password-dropbox"
Re: (Score:2)
I used to use 12345. But then I switched to the more secure 98765. No one ever thinks to go backwardshey just checking but my passwords show up as ***** to you guys right?
Re: (Score:3)
Re: (Score:2)
Yep - for dropbox I use ""password-dropbox"
For Dropbox, I use this one... Robert'); Select username, password FROM users;--
Re: (Score:2)
It's fine to re-use them for "I don't give a shit" sites like Slashdot.
Re: (Score:2)
Why? for useless crap I reuse a lot. I consider Drop Box useless as it's not private nor secure. It's a free throwaway service.
In fact it's smarter to reuse on places like forums and interest webpages.
Re: (Score:2)
Finally (Score:5, Funny)
Thank you, BTC
Re: (Score:2, Funny)
You know, if the NSA would just start providing this as a service, no one would ever complain again.
https://passwordrecovery.nsa.gov/DropBox
https://passwordrecovery.nsa.gov/Hotmail
etc.
Headline (Score:1)
Trying to make some sense of that headline...
Someone called "Leaked Credentials" says dropbox wasn't hacked
No that still doesnt work
Maybe there is supposed to be a full stop after Leaked.
Pretty clear to me (Score:1)
Dropbox
(a) Wasn't Hacked,
(b) Says Leaked Credentials Are From Unrelated Services
It's getting scary to put content online nowadays (Score:2)
Re: (Score:2)
Isn't the problem relatively week passwords and password reuse?
My understanding of the iCloud attack is that it was brute forced (due to Apple not limiting login attempts via certain attempts to access).
This means someone needed to target a specific address, and hope it had a week password.
This other leak we're reading about today is a password reuse issue, which is really the biggest risk, considering how many sites don't use https, and perhaps have horrible back-end security.
latenightbootycalls (Score:2)
is that a password everyone? seems to be all over the pastebin. or is it one guy making dozens of accounts with the same password
Re: (Score:2)
Finger pointing (Score:4, Interesting)
Tool to check user/pass combos (Score:1)