An anonymous user posted on Pastebin hundreds of Dropbox usernames and passwords, teasing that he has access to login credentials for as many as 7 million Dropbox accounts. However, it’s not clear where the person got the list, The Next Web reports, and Dropbox says its security hasn’t been compromised.
FROM EARLIER: Kmart confirms month-long credit card data breach
“Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts,” the person said. “To see plenty more, just search on [redacted] for the term Dropbox hack. More to come, keep showing your support,” the person added, asking for Bitcoin donations.
Reddit users were apparently able to confirm the credentials in the leak worked at the time they were published.
“Dropbox has not been hacked,” the company told the publication. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
The company also said it performed resets when it detected “suspicious activity” on these accounts a few months ago.