Dropbox users can breathe a sigh of relief today. Your Dropbox account has not been compromised.
Hackers are claiming they have stolen nearly 7 million usernames and password combinations from Dropbox. A claim that Dropbox says is simply not true.
Hundreds of the supposed usernames and passwords were dumped on Pastebin yesterday. In order for the hackers to dump more, they wanted Bitcoins in exchange.
Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Mityagin also took the opportunity to remind folks to enable 2 step verification for an additional layer of security. This should be done on any service that offers it. Basically, you’ll have to add a second security code in order to access your account.
Another list of usernames and passwords were posted online and Dropbox also said those usernames aren’t associated with Dropbox accounts.
It looks like the hackers were looking for some easy bitcoins.