Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services

An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

Don't reuse passwords, folks.

[exploder]

This is why.

Re:

[exploder]

That's not something I'd describe as "reusing passwords".

Re:Don't reuse passwords, folks.

[JackieBrown]

Yep - for dropbox I use ""password-dropbox"

Re:

[peragrin]

I used to use 12345. But then I switched to the more secure 98765. No one ever thinks to go backwardshey just checking but my passwords show up as ***** to you guys right?

Re:

[nine-times]

That's not secure! You should use "p@ssw0rd-dr0pb0x".

Re:

[telchine]

Yep - for dropbox I use ""password-dropbox"

For Dropbox, I use this one... Robert'); Select username, password FROM users;--

Re:

[MightyYar]

It's fine to re-use them for "I don't give a shit" sites like Slashdot.

Re:

[Lumpy]

Why? for useless crap I reuse a lot. I consider Drop Box useless as it's not private nor secure. It's a free throwaway service.

In fact it's smarter to reuse on places like forums and interest webpages.

Re:

[butalearner]

It's convenient to back up and/or share unimportant files, for example I use it to pass ebooks between my reading devices and back up my NaNoWriMo novel as I'm writing it. They have two-factor authentication nowadays, so with encryption it could be fairly well private and secure.

Finally

[suman28]

I can finally get access to that account I had forgotten! Can you also include my hotmail account with the same user ID in the next posting?
Thank you, BTC

Re:

[Anonymous Coward]

You know, if the NSA would just start providing this as a service, no one would ever complain again.

https://passwordrecovery.nsa.gov/DropBox
https://passwordrecovery.nsa.gov/Hotmail
etc.

Headline

[rossdee]

Trying to make some sense of that headline...

Someone called "Leaked Credentials" says dropbox wasn't hacked

No that still doesnt work

Maybe there is supposed to be a full stop after Leaked.

Pretty clear to me

[Anonymous Coward]

Dropbox
(a) Wasn't Hacked,
(b) Says Leaked Credentials Are From Unrelated Services

It's getting scary to put content online nowadays

[Jonifico]

I mean, Gmail, iCloud (tell Jennifer about that) now Dropbox. Shizzle not be safe, fellas.

Re:

[AvitarX]

Isn't the problem relatively week passwords and password reuse?

My understanding of the iCloud attack is that it was brute forced (due to Apple not limiting login attempts via certain attempts to access).

This means someone needed to target a specific address, and hope it had a week password.

This other leak we're reading about today is a password reuse issue, which is really the biggest risk, considering how many sites don't use https, and perhaps have horrible back-end security.

latenightbootycalls

[alen]

is that a password everyone? seems to be all over the pastebin. or is it one guy making dozens of accounts with the same password

Re:

[linuxgurugamer]

Sounds like you have a virus or malware on your computer which reports these random addresses to a third party.

Finger pointing

[tomhath]

Dropbox wasn't hacked, but your email address and password were. This is why I hate websites that insist on harvesting email addresses. I know one might be needed for some purposes but don't show it without additional authentication, or better yet, don't ever show it..

Tool to check user/pass combos

[SecState]

There's a tool here to check whether a particular user has had his/her e-mail and password dumped. Most of them haven't been posted yet but supposedly this site will be updated if more are leaked. http://davidba.in/DropBoxCheck... [davidba.in]