An unknown hacker group claims to have obtained the login details of 6,937,081 Dropbox users. As proof, they have posted part of the username and password combinations on Pastebin. Most social media reports and Redditors claim that the majority of the published login credentials seem to be working.
The hackers also included their Bitcoin address and said that they will post more compromised accounts when they receive a donation. As of 6:30am UTC they had received three donations that add up to only 0.0032 BTC, approximately equivalent to $1.276. Even though they had not received any substantial donations, and the first donation took some time to be made, the group posted two additional leaks without any support. Nevertheless, these leaks were rather small: the 1st leak contained the Dropbox logins of 400 users, the 2nd leak had 100 usernames with passwords, and with the 3rd leak the hackers posted 100 more login details.
However, no matter how small and rare the donations have been so far, it has not stopped the hackers from posting more user details. As of 6:49am UTC the group had posted 8 leaks. These leaks contain a total of 1901 usernames with corresponding passwords.
Looking at all the passwords and usernames leaked by the hackers, it is obvious that the passwords are very generic, and you may think that the users referred to a list of “what passwords you should never use” to create their own passwords. The majority of the logins posted by the hackers contain no special characters. For example, only 3 passwords contain the “$” sign, there are 2 passwords with “*”, the same number of passwords contain the signs “_” or “-”, and only 5 users use “!” in their passwords. That is just 14 passwords that are not made up of letters and numbers only, which is less than 1% of all the passwords that have been leaked. Moreover, there are passwords like “pass1234”, “abcd”, “abc123”, “88888888” and their iterations. There are even passwords that are the same as the users' e-mail accounts.
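The weaknesses listed above can be screened for at the moment a password is set. The following is an added example, not part of the original article; the function names, the small common-password set and the sample accounts are constructed for illustration.

```python
from collections import Counter

# Constructed stand-in for a breached/common password list (assumption);
# a real check would load a far larger list.
COMMON = {"pass1234", "abcd", "abc123", "88888888", "password", "123456"}

def has_sequence(s, min_run=4):
    """True if s holds min_run or more consecutive ascending characters (abcd, 1234)."""
    run = 1
    for a, b in zip(s, s[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= min_run:
            return True
    return False

def weaknesses(email, password):
    """Return the weak patterns described in the article that this password shows."""
    pw = password.lower()
    mail = email.lower()
    local = mail.split("@", 1)[0]
    found = []
    if pw in COMMON:
        found.append("common")
    if password.isalnum():                 # letters and digits only, no special characters
        found.append("alnum_only")
    if pw and len(set(pw)) == 1:           # e.g. 88888888
        found.append("repeated_char")
    if has_sequence(pw):
        found.append("sequence")
    if pw == mail or (len(local) >= 4 and local in pw):
        found.append("matches_email")
    return found

def summary(accounts):
    """Count how many accounts show each weakness, for an audit report."""
    return Counter(w for email, pw in accounts for w in weaknesses(email, pw))

# Constructed sample accounts, not taken from any leak.
SAMPLE = [
    ("alice@example.com", "pass1234"),
    ("bob@example.com", "88888888"),
    ("carol@example.com", "carol@example.com"),
    ("dave@example.com", "T9$kq!vW2_rm"),
]

if __name__ == "__main__":
    for email, pw in SAMPLE:
        print(email, weaknesses(email, pw) or "no listed weakness")
    print(dict(summary(SAMPLE)))
```

A password that returns an empty list here has only avoided these specific patterns; it can still be exposed if it is reused on another site.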
Taking the simplicity of the login details into account, we can assume that the users whose Dropbox account details have been leaked did not try to secure their credentials, and maybe even used them on various sites, thus exposing them to more threats. The report from Dropbox addresses this problem and says that their platform was not hacked; rather, the hackers most likely managed to hack other platforms that their users were accessing with the same login details they use for their Dropbox accounts. Dropbox recommends that all of its users enable 2-step verification and use a different password for each website to improve account security.
The report was updated at 7:30am UTC to state that the latest list of usernames and passwords leaked by the hackers is not associated with Dropbox accounts.
Even though Dropbox gives assurances that it resets an account's password after noticing irregular activity from it, we should learn from this example and other hacking stories that it is necessary to use different passwords on every website or platform to ensure the minimum protection of our privacy. Furthermore, it shows that hackers are always interested in obtaining the personal data that we store on or transfer through the internet. Therefore you should consider improving your virtual privacy with more than just a different password. Services like a VPN provide exactly what is needed by both a simple internet user and an internet fanatic who knows the risks of every step they take on the internet. In our opinion NordVPN is the best VPN provider right now, and you should consider taking a look at the features they provide their users.