Dropbox Usernames And Passwords Leak Online: Time To Change Your Logins

Hope you can think of another completely random series of letters and numbers to carry around in your head: usernames and passwords of Dropbox users have leaked online, with the cloud storage service reportedly forcing a reset of every user's password this afternoon.

An entry on Pastebin has appeared today showing 400 Dropbox usernames and passwords, all in plain text. The names and passwords are only a snippet of what the hackers claim to have, with everything alphabetised in the B's.

The hacker or hackers are calling for Bitcoin donations to fund the operation, adding that the more Bitcoin that's donated will result in more usernames and passwords being leaked.

The hackers claim that they've hacked millions of accounts. 6.9 million to be specific, complete with "photos, videos, other files".

Whether your name is on here or not, it's probably time to turn on two-factor authentication and change your password.


Dropbox has issued a statement to The Next Web, asserting that it wasn't hacked, and that it was a third-party service that was compromised. Here's the statement:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.




    So in between the hackers wildly exaggerating what they got and Dropbox completely downplaying it, what's the truth?

    Never seems to surprise me when this happens, and it's also a good reminder not to use the same passwords for everything.

    Password managers are your friend.

      How are password managers your friend?

        1. You only need to remember the master password to access your login's
        2. You can generate a unique password for every website/service you use
        3. You can create backups on various cloud networks and locally

      I'd be lost without lastpass. I literally don't know a single username/password for any site I use, except my lastpass master password.

        How does that work though if you are out somewhere and needed to jump on a friends computer (for instance) to retrieve something from your dropbox account? Are you out of luck or can you access lastpass online to obtain your password?

          Yep. You can log in to the web to retrieve passwords manually

          Yep - You can log into Lastpass (In my case with 2 step ver.) Get to the dropbox login details, copy the password, then lo in to Dropbox (again 2 step) and do what you need to do.
          Pref - do this in an incognito session so nothing remains afterwards.

            Thanks. I think it's time I gave last pass a go then, as it's not safe to have the same login details for multiple sites, and remembering a password for each site is no longer feasible given the number of accounts we all have these days.

    I guess that's what happens when you try to kick kids off a soccer field!

    Not true! https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/

    But why does another company have my personal information??!

    Hacked or not, Im changing my password anyway. Not that I trust Dropbox with any of my data anymore considering they've lost a few peoples files recently.

Join the discussion!

Trending Stories Right Now