Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services

Posted by timothy on from the effect-is-the-same-to-users dept.

An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

8 of 29 comments (clear)

  1. Don't reuse passwords, folks. by exploder · · Score: 5, Insightful

    This is why.

    --
    Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    1. Re:Don't reuse passwords, folks. by JackieBrown · · Score: 4, Funny

      Yep - for dropbox I use ""password-dropbox"

    2. Re:Don't reuse passwords, folks. by nine-times · · Score: 2

      That's not secure! You should use "p@ssw0rd-dr0pb0x".

  2. Finally by suman28 · · Score: 5, Funny

    I can finally get access to that account I had forgotten! Can you also include my hotmail account with the same user ID in the next posting?
    Thank you, BTC

    1. Re:Finally by Anonymous Coward · · Score: 2, Funny

      You know, if the NSA would just start providing this as a service, no one would ever complain again.

      https://passwordrecovery.nsa.gov/DropBox
      https://passwordrecovery.nsa.gov/Hotmail
      etc.

  3. It's getting scary to put content online nowadays by Jonifico · · Score: 2

    I mean, Gmail, iCloud (tell Jennifer about that) now Dropbox. Shizzle not be safe, fellas.

  4. Re:It's getting scary to put content online nowada by AvitarX · · Score: 2

    Isn't the problem relatively week passwords and password reuse?

    My understanding of the iCloud attack is that it was brute forced (due to Apple not limiting login attempts via certain attempts to access).

    This means someone needed to target a specific address, and hope it had a week password.

    This other leak we're reading about today is a password reuse issue, which is really the biggest risk, considering how many sites don't use https, and perhaps have horrible back-end security.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  5. Finger pointing by tomhath · · Score: 3, Interesting

    Dropbox wasn't hacked, but your email address and password were. This is why I hate websites that insist on harvesting email addresses. I know one might be needed for some purposes but don't show it without additional authentication, or better yet, don't ever show it..