We all know Dropbox is very good site for cloud storage and storing data from smartphones or from tablet on clouds. Recently a plain-text file was posted to Pastebin with a provocative headline claiming massive account of Dropbox Compromised. There was around 400 user name and passwords for compromised dropbox account credentials. Few of reddit users and folks discovered about links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text, but it’s unclear where they were obtained from.

7 Million Dropbox Accounts Compromised - Change Dropbox Password

A message annotated at the top of the leaks said:

Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on [redacted] for the term Dropbox hack.

More to come, keep showing your support

Few Reddit users confirmed that username and password worked for them with multiple credentials at a time. However Dropbox refused to that statement.

Dropbox issued a statement to the publication, which reads,

The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

It is recommended that you consider changing your Dropbox password from My Dropbox Account and also enable 2 step verification on Dropbox that may help in preventing such issues in future.

Reference :