Did Your Dropbox Account Really Get Hacked?

Christian Cawley 15-10-2014

News reports are circulating on the web and offline that Dropbox has been breached, with millions of passwords in the hands of hackers. But is this the full story?


The Claim: Dropbox Has Been Hacked

On Sunday we began hearing the first rumours that Dropbox had been hacked. The implications of a password leak for users of the popular cloud storage service are considerable, from the loss of vital projects to personal data being stolen.


According to the hackers, 6,937,081 Dropbox accounts have been compromised. A sample of 400 was posted to Pastebin, along with a demand for money in the Bitcoin cryptocurrency before more account names are revealed.


As more BTC is donated, More pastebin pastes will appear

To find them, simply search for “DROPBOX HACKED” and you will see any additional pastes as they are published.

FIRST TEASER – 400 DROPBOX ACCOUNTS Just to get things going…

It’s fair to say that 400 is a good number to start getting people interested. Immediately the news started appearing on tech sites and Reddit, dancing across Twitter and mainstream news sources.


As with other reports of leaks in the past few months, however (most recently with the overstated implications of The Snappening), it is fair to say that the claim that Dropbox had been hacked was an exaggeration of sorts.

“No We Haven’t” Says Dropbox

Responding to the claims, Dropbox – whose user base numbers over 220 million – released a blog post in which they denied the claims of a hack.

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

They later updated the blog:


A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

This, of course, would be reassuring if not for the fact that…

Some Credentials Work, Say Reddit Users

Just when you thought all was right with the world again, and that the hack was nothing more than a random collection of usernames and passwords acquired by spammers five years ago, it turns out that actually, Dropbox hasn’t been entirely forthright with its rebuff.



Reddit users have been checking some of the username and password combinations and found that some work.

This clearly causes a problem.

Although the list of names that the hackers claim to have is only around 3% of the total number of Dropbox users, it still represents a sizeable number of accounts.

You could be one of them.

You Must Know What To Do By Now: Change Your Password & Use 2FA!

So far in 2014 we’ve had accounts breached at eBay, as well as at JP Morgan, Home Depot and Target. We’ve also had claims of what can only be described as an über hack of 1.2 billion credentials that turned out to be at best spurious and at worst an attempt to farm usernames and passwords with a bogus “have you been hacked?” tool.

By now, you should be aware of what you need to do. Here’s a reminder:

First, change your Dropbox password. It should be something completely new, and if you’re stuck, use our guide to make secure, memorable passwords. You can change the Dropbox password by logging into the website, clicking on your name, then Settings > Security > Change password.

Whether you think you have been caught in this hack or not, it is safest to change the password.


Second, on the same screen, enable the Two-step verification option. Follow the instructions for this, which will require either an SMS message sent to your phone for verification or the installation of an authenticator app. Android, iPhone and BlackBerry users can install Google Authenticator, while Windows Phone users have Authenticator.


Hacks and rumours of hacks are becoming increasingly commonplace. It is imperative to the safety of your digital persona – something that encompasses email, social networking and financial transactions – that you ensure your accounts are safe and secure.

Do you use Dropbox? Are you concerned by this alleged leak? Tell us your thoughts in the comments section.

Image credits: Gil C /, Cloud and key via Shutterstock, Silhouette of a hacker looking in monitor via Shutterstock


  1. Jim
    October 15, 2014 at 8:02 pm

    Do not use 2FA. Password changed frequently. Here is my last password I used:

    If file or folder is critical it is also encrypted before I put it in Dropbox.

    Paranoid? Maybe, but I have not had an account or internet site that I use hacked yet.

  2. CJ
    October 15, 2014 at 5:53 pm

    I use 2FA and I'm not the least bit concerned about the supposed hack. Even if my account were compromised there's nothing in it of any consequence.