File-sharing service Dropbox has denied that its servers were compromised in a security breach that saw hundreds of alleged account details posted online - but millions of accounts could still be at risk.
An anonymous hacker claims that close to seven million accounts have been hacked, releasing several hundred account logins and passwords to the text-sharing site Pastebin by way of proof.
The hacker is demanding that bitcoin is paid before more account details are released publicly.
Dropbox has issued a statement saying that it wasn't hacked, claiming that its users' content is safe.
"Recent news articles claiming that Dropbox was hacked aren't true, " the statement reads. "Your stuff is safe. The usernames and passwords in these articles were stolen from unrelated services, not Dropbox.
"We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well."
However, despite these claims, this does not rule out the possibility that the account details yet to be released are still active. Dropbox has only confirmed that the 400 released details have been expired.
Many people use the same email addresses and passwords across multiple sites, meaning that the details released online could in fact be used across a multitude of other websites and online services, including email and social networks.
Earlier this week, NSA whistleblower Edward Snowden warned that people who care about their privacy should avoid sites like Dropbox.
"We're talking about encryption, we're talking about dropping programs that are hostile to privacy," Snowden said via a remote interview as part of the New York festival.
"For example, Dropbox? Get rid of Dropbox, it doesn't support encryption, it doesn't protect your private files. And use competitors like SpiderOak, that do the same exact service but they protect the content of what you're sharing."
Users are encouraged to change passwords, use different passwords across different services and enable two-step verification where possible to ensure that their accounts are not compromised.