A thread popped up on Reddit Monday, with a link to a list of Dropbox usernames and passwords allegedly obtained from a Dropbox security breach. However, the company says its servers were not breached, instead laying the blame at the feet of third-party services.
Along with the approximately 400 usernames and passwords posted to Pastebin in plain text, hackers claimed to be in possession of access data for up to 7 million accounts taken directly from Dropbox servers, reports The Next Web.
Dropbox posted a statement on its company blog shortly after the leak was discovered, denying a security breach, the company says the user info had been scraped from unrelated services, and then tested on numerous websites.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Dropbox told TNW that it had previously detected the attacks, and noted that all the passwords in the list are no longer in service.
If you haven’t enabled two-step authentication on your Dropbox account, now is as good a time as any. Dropbox provides instructions for turning on two-factor authentication at their website here. It only takes a few minutes, and adds a much-needed additional layer of security to your Dropbox account.