The passwords of nearly 7 million Dropbox accounts have been seized through third-party services and 400 directly leaked on Pastebin, with promises of more leaks following bitcoin donations. Dropbox denies a hack.
The leaker described the 400 as a “first teaser...just to get things going” and followed with: “More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear.”
It remains unclear how the details were obtained; the hackers claim ownership of details from 6,937,081 different accounts – claims that cannot in any way be verified.
Dropbox, denies that a hack has taken place.
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts,” it said.
“We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well.”
Dropbox said in a statement to ‘The Next Web’, however, that it performed “password resets” when it uncovered ‘suspicious activity’ on particular accounts a few months ago.
Former NSA contractor Edward Snowden lashed out at Dropbox on Sunday, accusing it of being“hostile to privacy”. He urged web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways.
Snowden advised web users to “get rid” of Dropbox. Such services only insist on encrypting user data during transfer and when being stored on the servers. Other services he recommends instead, such as SpiderOak, encrypt information while it’s on your computer as well.
“We're talking about dropping programs that are hostile to privacy,” Snowden said.