Earlier this evening a thread on Reddit claimed to have over 7 million Dropbox logins ‘hacked’ according to TNW, but it turns out this was in fact not true.
Dropbox has reiterated it wasn’t hacked, but rather the leaked credentials posted “were stolen from unrelated services” and then used in attempts to login to their services:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
According to Dropbox, suspicious login activity results in passwords being reset. This is a good reminder to turn on 2-step verification for Dropbox if you haven’t already.