A hacker claims to have stolen about 7 million usernames and corresponding passwords from for Dropbox. On Monday, someone posted a Reddit thread linked to files containing a sample of about 400 Dropbox usernames and passwords. Some Reddit users claimed that many of the passwords were working at the time the thread was posted.

Dropbox Was Not Hacked, Passwords Were Leaked

Dropbox passwords revealed by hacker no longer in service

Hackers claimed that the data for close to 7 million accounts were stolen directly from Dropbox servers. Dropbox is one of the most popular cloud-based file storage and sharing service. However, the company rejected the claims that its servers were infiltrated. Instead, it put the blame on a third-party service. Dropbox told The Next Web that it noticed some suspicious activity a few months ago, and automatically reset the passwords for associated accounts.

In a blog post titled “Dropbox wasn’t hacked,” the company said that user credentials were stolen from third-party services and tested on several websites, including Dropbox. The company later updated its blog, adding that all passwords revealed by the hacker on Reddit were no longer in service. And many of them have been expired “for some time now.”

Dropbox

 

Enable two-step verification

You should change your password and enable two-step verification, which requires an app on a cell phone. Once you have turned on the two-factor verification, you’ll receive a time-sensitive code whenever someone attempts to access your account from a new device. Here is a step-by-step instruction to enable the two-step verification protocol.

It’s not the first time the reports of hacking of Dropbox account have surfaced. In 2012, many Dropbox accounts were compromised after a hack of third-party websites exposed Dropbox credentials. The year prior, the company admitted that unwittingly published code on its platform that let anyone sign in to any Dropbox account without credentials.

To prevent any such attacks, the company recommended users not to use the same password across multiple services.