Using Dropbox: Your Username and Password Could Have Been Stolen and Made Public by Cyber-Criminals
Using Dropbox: your username and password could have been stolen and made public by cyber-criminals Dropbox

If you are a Dropbox user, then this piece of news will certainly set alarm bells ringing. Apparently, cybercriminals belonging to an unknown group have threatened to expose login details of more than seven million users worldwide.

According to a Next Web report, that quotes a Reddit thread, links to multiple files storing confidential Dropbox user-login details including usernames and passwords have been found.

These personal user details were said to have been stored in plain text format, thus making them easily accessible to leaks and unauthorised use of account.

Leaks were reportedly found within a web portal called Pastebin, which according to Next Web contains the login credentials of an estimated 400 Dropbox user accounts.

Hackers are apparently demanding Bitcoin donations in return for the stolen user login credentials, and have reportedly threatened to release more Dropbox user credentials online if their demands are not met.

Dropbox denies user-credential hack

In a statement to Next Web, Dropbox has denied that the cloud storage service (and its server) was hacked. It added that user credentials were obtained by cyber criminals via third-party services and applications.

The company also stated that a significant number of passwords currently posted by hackers online have expired long ago.

Finally, Dropbox adds that it had earlier detected attacks similar to the current username/password breach, and had taken precautions such as resorting to performing automatic password reset on 'suspicious' accounts.

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well," said Dropbox, in a statement to Next Web.

The cloud storage company is also currently sending out emails to its users cautioning them to reset account password, in order to add security to their Dropbox account.

In summary, even though Dropbox has denied that its servers were breached, and laid the blame for the latest hack on third-party applications, do remember that the company's servers allow third-party apps to access the cloud-storage platform.