CloudSecurityWorkspace

Millions Of Dropbox Passwords “Hacked”

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Follow on: Google +

Up to seven million passwords are apparently being held to ransom by hackers demanding Bitcoin

Hackers have apparently stolen the user details and passwords of millions of users from online storage firm Dropbox.

Up to seven million users risk having their details revealed unless the site pays a major ransom in the form of popular online cryptocurrency Bitcoin.

The details were apparently posted in four entries on file-sharing site Pastebin last night, with links to the page emerging across Reddit. However Dropbox has denied it has been hacked, saying the passwords were stolen from third-party services.

Hacker, cyber crime © Stokkete, Shutterstock 2014At risk?

“The usernames and passwords…were stolen from unrelated services, not Dropbox,” Dropbox’s Anton Mityagin wrote in a blog post regarding the hack.

“Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.”

“Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

According to The Next Web, Dropbox has already performed a hard reset on the accounts listed in the Pastebin post, which contained a list of 400 emails, all starting with the letter B, as well as matching plain text passwords.

The poster claimed that this was the first part of a large-scale Dropbox hack, naming the post a “first teaser…just to get things going”.

The hackers are also promising to release more details if they’re paid for the information, saying “More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear.”

Dropbox had introduced new security features across its services earlier this year, as the company looked to reassure customers as to the safety of its product. Users of Dropbox Pro and Dropbox for Business can now add passwords and set expiration dates for shared links, while lost or stolen devices can be remote wiped of all data.

Dropbox currently has 300 million users in total, with the service hosting one billion shared folders and links and 1TB of files saved daily. The number of users has grown by 200 percent in the past 18 months and there are 300,000 applications built on the platform. The company is set to open a UK office in London as part of its ongoing expansion plans, explaining that 70 percent of its users are based outside the US.

What do you know about Internet security? Find out with our quiz!