Slashdot Mirror


Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services

An anonymous reader writes: Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

29 comments

  1. Don't reuse passwords, folks. by exploder · · Score: 5, Insightful

    This is why.

    --
    Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    1. Re:Don't reuse passwords, folks. by Anonymous Coward · · Score: 0

      Or at least modify them on a per-site basis using a non-obvious scheme

    2. Re:Don't reuse passwords, folks. by exploder · · Score: 1

      That's not something I'd describe as "reusing passwords".

      --
      Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    3. Re:Don't reuse passwords, folks. by JackieBrown · · Score: 4, Funny

      Yep - for dropbox I use "password-dropbox"

    4. Re:Don't reuse passwords, folks. by peragrin · · Score: 1

      I used to use 12345. But then I switched to the more secure 98765. No one ever thinks to go backwards

      hey just checking but my passwords show up as ***** to you guys right?

      --
      i thought once I was found, but it was only a dream.
    5. Re:Don't reuse passwords, folks. by MightyYar · · Score: 1

      It's fine to re-use them for "I don't give a shit" sites like Slashdot.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    6. Re:Don't reuse passwords, folks. by nine-times · · Score: 2

      That's not secure! You should use "p@ssw0rd-dr0pb0x".

    7. Re:Don't reuse passwords, folks. by Lumpy · · Score: 1

      Why? For useless crap I reuse a lot. I consider Dropbox useless as it's not private nor secure. It's a free throwaway service.

      In fact it's smarter to reuse on places like forums and interest webpages.

      --
      Do not look at laser with remaining good eye.
    8. Re:Don't reuse passwords, folks. by butalearner · · Score: 1

      It's convenient to back up and/or share unimportant files, for example I use it to pass ebooks between my reading devices and back up my NaNoWriMo novel as I'm writing it. They have two-factor authentication nowadays, so with encryption it could be fairly well private and secure.

    9. Re:Don't reuse passwords, folks. by Anonymous Coward · · Score: 0

      You didn't use uppercase letters. Now anybody can guess your password! D:

    10. Re:Don't reuse passwords, folks. by telchine · · Score: 1

      Yep - for dropbox I use "password-dropbox"

      For Dropbox, I use this one... Robert'); Select username, password FROM users;--

  2. Finally by suman28 · · Score: 5, Funny

    I can finally get access to that account I had forgotten! Can you also include my hotmail account with the same user ID in the next posting?
    Thank you, BTC

    1. Re:Finally by Anonymous Coward · · Score: 2, Funny

      You know, if the NSA would just start providing this as a service, no one would ever complain again.

      https://passwordrecovery.nsa.gov/DropBox
      https://passwordrecovery.nsa.gov/Hotmail
      etc.

  3. Headline by rossdee · · Score: 0

    Trying to make some sense of that headline...

    Someone called "Leaked Credentials" says dropbox wasn't hacked

    No, that still doesn't work

    Maybe there is supposed to be a full stop after Leaked.

  4. It's getting scary to put content online nowadays by Jonifico · · Score: 2

    I mean, Gmail, iCloud (tell Jennifer about that) now Dropbox. Shizzle not be safe, fellas.

  5. latenightbootycalls by alen · · Score: 1

    is that a password everyone? seems to be all over the pastebin. or is it one guy making dozens of accounts with the same password

  6. Re:It's getting scary to put content online nowada by AvitarX · · Score: 2

    Isn't the problem relatively weak passwords and password reuse?

    My understanding of the iCloud attack is that it was brute forced (due to Apple not limiting login attempts via certain attempts to access).

    This means someone needed to target a specific address, and hope it had a weak password.

    This other leak we're reading about today is a password reuse issue, which is really the biggest risk, considering how many sites don't use https, and perhaps have horrible back-end security.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  7. Pretty clear to me by Anonymous Coward · · Score: 1

    Dropbox
    (a) Wasn't Hacked,
    (b) Says Leaked Credentials Are From Unrelated Services

  8. Password Reuse by Anonymous Coward · · Score: 0
  9. yeah sure.. by Anonymous Coward · · Score: 0

    I'm currently at my third random dropbox specific email address, never used or entered into any other system (not linked dropbox to anything), and recently had thousands of spam messages a day sent here.

    So how did this email and the previous two (from past years) end up in the unrelated service? Why didn't any others? I have catch all configured that would detect random spamming, so why is it always dropbox?

    1. Re:yeah sure.. by Anonymous Coward · · Score: 0

      I've gotten at most about one email a month from Dropbox.

    2. Re:yeah sure.. by linuxgurugamer · · Score: 1

      Sounds like you have a virus or malware on your computer which reports these random addresses to a third party.

  10. Is the bigger threat to your Dropbox.... by Anonymous Coward · · Score: 0

    Is the bigger threat to your Dropbox someone getting at something that is in there or putting something in there illegal / dangerous to your devices?

  11. Finger pointing by tomhath · · Score: 3, Interesting

    Dropbox wasn't hacked, but your email address and password were. This is why I hate websites that insist on harvesting email addresses. I know one might be needed for some purposes but don't show it without additional authentication, or better yet, don't ever show it.

  12. Tool to check user/pass combos by SecState · · Score: 1

    There's a tool here to check whether a particular user has had his/her e-mail and password dumped. Most of them haven't been posted yet but supposedly this site will be updated if more are leaked. http://davidba.in/DropBoxCheck...

  13. Finger pointing by Anonymous Coward · · Score: 0

    The stupid shall be punished.

  14. Dropbox leaked by Anonymous Coward · · Score: 0

    Dropbox username-password
    http://filecom.net/eyOD6Ny