Hundreds of Dropbox credentials have been leaked by hackers who claim to have seven million logins, but the cloud storage service says its system was not breached.
A post on website Patebin.com late yesterday evening detailed the email addresses and passwords of 400 accounts and the hackers have promised to make more available in return for Bitcoin donations.
“More bitcoin = more accounts published on pastebin,” said the post. “As more BTC is donated, more pastebin pastes will appear. To find them, simply search for "DROPBOX HACKED" and you will see any additional pastes as they are published.”
Dropbox has denied that its systems had been breached saying that log-in credentials had been stolen from another web service and the hackers had then attempted to use the details to log in to a host of other Internet services, including Dropbox, due to the fact that many users use the same password for multiple accounts.
A company spokesman said: "Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.
“We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."
Dropbox says it performed password resets when it detected ‘suspicious activity’ on the accounts a few months ago, but users are still recommended to rest their passwords.
A post on the company’s blog posted by Anton Mityagin, from the Dropbox security team, said: “Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2-step-verification on your account.”