Hacker Claims 7M Dropbox Accounts Were Compromised, Company Says It Wasn’t Actually Hacked

A hacker claims to have accessed 7 million Dropbox user accounts, but the company maintains its system wasn’t breached.

It’s almost as if reports of new data breaches are popping up as often as vehicle recalls these days. The latest compromise comes after a hacker claims to have gained access to nearly 7 million Dropbox account credentials, something the cloud storage service says simply isn’t the case.

While the alleged hacker claims to have posted nearly 400 emails and passwords associated with Dropbox accounts online – with several million left to unveil – Dropbox officials say a vast majority of that information isn’t genuine or expired long ago, TechCrunch reports.

Dropbox confirmed that the first 400 emails and passwords posted by the hacker were indeed associated with user accounts, but that the passwords had expired some time ago.

Several subsequent posts of account credentials by the alleged hacker were deemed to not be genuine, a Dropbox blog post titled “Dropbox Wasn’t Hacked” states.

“Dropbox has not been hacked,” the post states. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Officials with the cloud storage provider say that blame for the 400 accounts compromised thus far belongs to third-party services and that the company’s own security has not been compromised.

Instead, they say it appears the issue has to do with password reuse, not a security breach of some type.

“Recent news articles claiming that Dropbox was hacked aren’t true,” the post starts. “Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

And thus, the company maintains that no actual accounts were compromised as a result of the leak.

Dropbox Confirms Compromised Account Details But Says Its Servers Weren’t Hacked [TechCrunch]