Earlier this week, a hacker claiming to have obtained 7 million Dropbox accounts posted 400 username and password combinations to Pastebin, dangling them as bait to anyone who wanted them. The idea was to solicit bitcoin donations in exchange for the user data: The more people donated, the more he would publish.
On Monday, however, Dropbox denied that it had been hacked, claiming the accounts had come from elsewhere on the Internet. “Recent news articles claiming that Dropbox was hacked aren’t true,” wrote Dropbox’s Anton Mityagin in a blog post. “Your stuff is safe.” The company went through the usernames and passwords, and verified that they weren’t associated with Dropbox accounts.
“The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox,” wrote Mityagin. “We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
Still, if you’re a Dropbox user, it’s probably a good idea to turn on two-step verification if you haven’t already.
It’s already been a long week for Dropbox. A video of what looked to be Dropbox employees attempting to kick children off a San Francisco soccer field surfaced on Friday, igniting a minor online firestorm. And over the weekend during an interview for the New Yorker Festival, NSA whistleblower Edward Snowden said that anyone wary of privacy issues might want to think about getting rid of Dropbox altogether.