If you use Dropbox to store and share your photos, the recent news of an alleged username and password hack probably has you worried. But according to Dropbox, it shouldn’t. Not only was Dropbox not hacked, but any usernames/passwords that might have been compromised were reset months ago due to suspicious activity.
The original report of the hack was published on The Next Web, who stumbled across a thread on Reddit with links to hundreds of user/pass combinations that the thread claimed were from Dropbox.
Tagged as a ‘teaser,’ the hacker had allegedly secured seven million passwords, which they were offering to release in exchange for bitcoin donations. A few Reddit users even supposedly ‘confirmed’ that several of the logins worked. Dropbox, however, begs to differ.
In a statement to The Next Web followed by a company blog post to the same tune, Dropbox explained what actually happened:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
The statement to TNW says much the same thing, adding that they checked these passwords and, while ‘a vast majority’ were already expired from a long time ago, the rest had been ‘expired’ once suspicious activity was detected.
Based on the information out there, it seems your photos are, indeed, safe if they’re on Dropbox. But if you want to be extra careful, we will second the suggestion Dropbox made on its blog and tell you to activate 2-step verification for your account.
You can find out how to do this by following this link.
Hundreds of Dropbox Passwords May Have Leaked Online in Alleged Hack [The Next Web via Lifehacker]