It would be a great idea right about now to head on to your Dropbox account and change your password before the exact details come to the fore. This is after ann anonymous Reddit user pasted some hundreds of usernames and passwords for Dropbox accounts with a threat to leak more should he get donations via Bitcoin.
The person claims to have compromised over 7 million accounts and has pasted usernames and passwords for some 400 Dropbox accounts on Pastebin. Dropbox has already initiated a password reset action for users even though the cloud service company has not owned up to the hack. This won’t be the first time Dropbox has been compromised and coming so close after iCloud compromise this puts cloud computing at quite a bad PR when many more are convincing users that they are secure with their data online.
Dropbox has enabled two-factor authentication and users who have set this up need not to worry, though it’s recommended to change the password still.
Dropbox removes the blame on themselves for the hack saying that this was not tied up to their services exactly but the compromise came from third party services. See below their statement.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.