Alleged Dropbox leak sees 7 million user passwords compromised

Dopbox — the massive online storage sharing service — has reportedly been hacked, resulting in nearly 7 million password leaks — over 2% of the cloud giant’s customers.

The company is denying it got hacked, though thousands of username and password pairs have already been leaked on Pastebin, giving us a taste of what’s to come.

In a statement, Dropbox denied any hack, saying that the passwords are old and probably expired:

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

The hackers are asking for bitcoin donations, saying that “as more BTC is donated, more pastebin pastes will appear.” So far an additional three batches have been uploaded (we can’t find the fourth teaser) indicating that people have been donating.

While Dropbox is one of many cloud storage services with competitors such as SugarSync, Google Drive, Microsoft’s OneDrive and Box, it’s most likely the biggest out there with 300-million users as of May 2014. Among these users is a mixture of individuals and businesses.

Interestingly, the breach comes just a few days after Edward Snowden made a statement urging people to move away from DropBox. In an interview with the New Yorker, Snowden says people should “get rid of Dropbox” and opt for encrypted services like SpiderOak even though Dropbox states that files on its service are in fact encrypted.

Whether the passwords leaked are legitimate or not is still unclear. Either way though, we encourage you to change your password and implement two-step verification for beefier security.