Reddit users are claiming that several Pastebin files containing hundreds of Dropbox users' usernames and passwords have been leaked. Change your password just in case and activate two-factor authentication if you haven't already. Update: Dropbox claims that their servers have not been breached and this info was stolen from a third party.


According to The Next Web, the leaked lists are meant to "entice" users to donate Bitcoin, at which point the purported hacker will release even more users' info—the worst kind of free sample. The message preceding the most recent list reads:

Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts

To see plenty more, just search on [redacted] for the term Dropbox hack.

More to come, keep showing your support

To put it another way: You need to change your password. And make sure that two-factor authentication is turned on.


Dropbox has already sent out password reset emails to any users whose info might have been compromised, but even if that doesn't include you (yet)—better safe than sorry. [The Next Web]

Update 11:29pm:

A spokesperson from Dropbox has provided us with the following statement:


Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

So while Dropbox may not have been targeted directly, this (potentially) huge cache of login info may indeed have come from any of the hundreds of third-party apps that log in to Dropbox on your behalf on a daily basis. In other words—for god's sake, change your password.