A few hundred Dropbox usernames and passwords have leaked on Reddit, likely from third-party services and possibly as part of a much larger breach. Time to change your passwords.
The leak, which contains hundreds of accounts with email addresses starting with the letter “b”, come from an anonymous user taking Bitcoin donations for the full leak, which they claim consists of millions of accounts, according to The Next Web. We’re not sure how old these credentials are or which third party apps they came from, but no matter what, it’s time to do the same old song and dance we’re pretty used to by now.
So, if you use Dropbox, be sure to change your password now (and make it strong), as well as your password on any other site that used the same credentials. While you’re at it, you should definitely enable two-factor authentication to keep ne’er-do-wells out of your account (even if your password is leaked).
If your account was one of the “B” accounts already leaked, you should get a notification from Dropbox to reset your account. But in the meantime, we recommend everyone change their passwords. Hit the link to read more.
Dropbox has said in a statement that they were not hacked, and that the leaked credentials likely came from third-party services (as suspected):
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Dropbox claim the passwords have expired, but no matter what, you should change your password. We still don’t know enough about the hack to recommend otherwise.
Hundreds of Dropbox Passwords May Have Leaked Online in Alleged Hack [The Next Web via Gizmodo]