In a bizarre situation, recently almost seven million Dropbox passwords leaked of which hackers posted 400 accounts on Reddit with a message stating:

Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on [redacted] for the term Dropbox hack
More to come, keep showing your support.

The post threatened that 6.9 Mn Dropbox accounts has been hacked, including photos, videos and other files.

Dropbox was quick to deny it had been hacked. Dropbox in statement said,

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens..

In a similar situation, last month nearly 5 Mn Google account passwords were hacked, however Google also said that these leaked usernames and passwords were not the result of a breach of Google systems and these were obtained from other sources.

Attacks like these are one of the reasons why users shouldn’t reuse the same passwords across services and add 2 step verification of accounts should always be done.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.