After iCloud It’s Time For Dropbox, Hundreds Of Credentials Leaked
Last month celebrities’ photos were leaked online that raised questions over Apple’s iCloud security. Now, it’s Dropbox that fell prey to the hackers. A thread appeared on Reddit today that had links pointing to files containing login credentials of hundreds of Dropbox users.
How the hackers got this information is yet unknown. Microsoft denied the claims that its cloud-storage service Dropbox was hacked.
The hacker revealed usernames and passwords of few hundreds as plain texts, and asked for Bitcoin donation to reveal full records. The hackers claim to have records of 7,000,000 accounts.
Users of Reddit confirmed that the credentials leaked were authentic and that they worked at the time the post went online. Dropbox, however, said that the passwords were stolen from some other third party.
What they mean by third party is that it is possible that hackers got access to any service like Adobe and used those credentials to log into Dropbox. Many users keep the same passwords for all the services so there is a possibility that this is the case.
Here’s the official statement released by the company to The Next Web.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
The news came days after Edward Snowden released a statement that Dropbox isn’t safe and users should get rid of it. Snowden claimed that Microsoft’s cloud-storage service doesn’t use encryption and thus, it doesn’t keep our files safe. Instead, he recommended SpiderOak that provides same features and uses encryption.
“We’re talking about encryption,” said Snowden. “We’re talking about dropping programs that are hostile to our privacy. For example, Dropbox? Get rid of Dropbox, it doesn’t support encryption, it doesn’t protect your private files.”
Microsoft remains confident in their claim that their servers were not hacked. They admit that there were some attacks in past few months but they countered them. They even asked the users who might have been affected to change their passwords.