Article
Dropbox not hacked but change your passwords anyway
- October 14, 2014
- Updated: July 2, 2025 at 7:25 AM
Last night, an anonymous hacker claimed he had a database of over seven million Dropbox usernames and passwords. He or she leaked the first four hundred credentials online to prove the info was legitimate and began asking for donations to leak more.
Dropbox quickly responded, stating the leaked password database was not obtained from the company’s servers. Dropbox had not been hacked. Instead, the usernames and passwords were obtained from various other password dumps from separate attacks.
Here’s the company’s official statement:
“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
Dropbox also verified that many of the passwords in the dump were already expired, but reset user accounts just in case.
It’s unclear where this database of passwords and usernames originated from, but it’s likely the hacker is sensationalizing his attack to soliciting money from the internet black market.
If there’s anything to take away from this story, it’s that hackers are becoming increasingly aggressive. They’re collecting as much user data as possible to sell on the black market, whether or not the information is actually useful.
Snapchat also faced a security scare this week. While Snapchat wasn’t hacked, users who signed up for unauthorized Snapchat apps that saved their friends’ photos and videos allowed hackers to leak over 200,000 photos and videos.
It bears repeating that you should never use the same password on multiple sites. Always use a password manager to generate passwords for each site you use.
Dropbox also supports two-factor authentication, which requires you to have a randomized code either sent to you via SMS or using an authenticator app. If you don’t have this feature enabled, do it now. Check out my guide on how to enable it.
While Dropbox may not have been compromised, you should still change your password just in case.
For more about protecting yourself online, read my guide on how to protect your online identity and why you should care.
Source and image credit: Dropbox
Related Stories
Snapchat not responsible for leaked photos but it could have done more
Hundreds of thousands Snapchat images leaked but you’re probably safe
iCloud gets serious about security, now requires app-specific passwords
iOS lock screen exploit tricks Siri into revealing your email, SMS and Twitter
Follow me on Twitter: @lewisleong
You may also like
NewsThe infinite canvas: use of Generative Expand for print bleeds and concept exploration
Read more
NewsJames Gunn clarifies the future of Harley Quinn after years of being a DC icon
Read more
NewsSouth Korea has grown in streaming much more than expected. They have to thank themselves
Read more
NewsOne of the most controversial (and brave) artists in history will have her own biopic
Read more
NewsWe have been waiting 15 years for the end of one of the best mangas in history. And now, finally, it is going to arrive
Read more
NewsThunderbolts is coming to Disney+ sooner than you thought: This will be the release date on the platform
Read more