Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services

Posted by timothy on from the effect-is-the-same-to-users dept.

An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

18 of 29 comments (clear)

  1. Don't reuse passwords, folks. by exploder · · Score: 5, Insightful

    This is why.

    --
    Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    1. Re:Don't reuse passwords, folks. by exploder · · Score: 1

      That's not something I'd describe as "reusing passwords".

      --
      Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    2. Re:Don't reuse passwords, folks. by JackieBrown · · Score: 4, Funny

      Yep - for dropbox I use ""password-dropbox"

    3. Re:Don't reuse passwords, folks. by peragrin · · Score: 1

      I used to use 12345. But then I switched to the more secure 98765. No one ever thinks to go backwardshey just checking but my passwords show up as ***** to you guys right?

      --
      i thought once I was found, but it was only a dream.
    4. Re:Don't reuse passwords, folks. by MightyYar · · Score: 1

      It's fine to re-use them for "I don't give a shit" sites like Slashdot.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    5. Re:Don't reuse passwords, folks. by nine-times · · Score: 2

      That's not secure! You should use "p@ssw0rd-dr0pb0x".

    6. Re:Don't reuse passwords, folks. by Lumpy · · Score: 1

      Why? for useless crap I reuse a lot. I consider Drop Box useless as it's not private nor secure. It's a free throwaway service.

      In fact it's smarter to reuse on places like forums and interest webpages.

      --
      Do not look at laser with remaining good eye.
    7. Re:Don't reuse passwords, folks. by butalearner · · Score: 1

      It's convenient to back up and/or share unimportant files, for example I use it to pass ebooks between my reading devices and back up my NaNoWriMo novel as I'm writing it. They have two-factor authentication nowadays, so with encryption it could be fairly well private and secure.

    8. Re:Don't reuse passwords, folks. by telchine · · Score: 1

      Yep - for dropbox I use ""password-dropbox"

      For Dropbox, I use this one... Robert'); Select username, password FROM users;--

  2. Finally by suman28 · · Score: 5, Funny

    I can finally get access to that account I had forgotten! Can you also include my hotmail account with the same user ID in the next posting?
    Thank you, BTC

    1. Re:Finally by Anonymous Coward · · Score: 2, Funny

      You know, if the NSA would just start providing this as a service, no one would ever complain again.

      https://passwordrecovery.nsa.gov/DropBox
      https://passwordrecovery.nsa.gov/Hotmail
      etc.

  3. It's getting scary to put content online nowadays by Jonifico · · Score: 2

    I mean, Gmail, iCloud (tell Jennifer about that) now Dropbox. Shizzle not be safe, fellas.

  4. latenightbootycalls by alen · · Score: 1

    is that a password everyone? seems to be all over the pastebin. or is it one guy making dozens of accounts with the same password

  5. Re:It's getting scary to put content online nowada by AvitarX · · Score: 2

    Isn't the problem relatively week passwords and password reuse?

    My understanding of the iCloud attack is that it was brute forced (due to Apple not limiting login attempts via certain attempts to access).

    This means someone needed to target a specific address, and hope it had a week password.

    This other leak we're reading about today is a password reuse issue, which is really the biggest risk, considering how many sites don't use https, and perhaps have horrible back-end security.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  6. Pretty clear to me by Anonymous Coward · · Score: 1

    Dropbox
    (a) Wasn't Hacked,
    (b) Says Leaked Credentials Are From Unrelated Services

  7. Finger pointing by tomhath · · Score: 3, Interesting

    Dropbox wasn't hacked, but your email address and password were. This is why I hate websites that insist on harvesting email addresses. I know one might be needed for some purposes but don't show it without additional authentication, or better yet, don't ever show it..

  8. Re:yeah sure.. by linuxgurugamer · · Score: 1

    Sounds like you have a virus or malware on your computer which reports these random addresses to a third party.

  9. Tool to check user/pass combos by SecState · · Score: 1

    There's a tool here to check whether a particular user has had his/her e-mail and password dumped. Most of them haven't been posted yet but supposedly this site will be updated if more are leaked. http://davidba.in/DropBoxCheck...