Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43426
  • Total Topics: 16523
  • Online today: 2717
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2716
Total: 2717









Author Topic: Dropbox is (not) Hacked !?  (Read 2180 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Dropbox is (not) Hacked !?
« on: 14. October 2014., 19:11:09 »


Hackers claim to have stolen a database of almost 7 million Dropbox log-in credentials, but the company says its service was not hacked and that unrelated websites are the data source.

The first data dump appeared Monday in an anonymous post on Pastebin.com and contained 400 username and password pairs. The author said that it’s only the “first teaser” of 6,937,081 hacked Dropbox accounts and asked for community support in the form of Bitcoin donations. The user also claimed to have access to photos, videos and other files from the compromised accounts.

“As more BTC [Bitcoin currency] is donated, more pastebin pastes will appear,” the post says.

At least five additional “teaser” posts appeared Monday and Tuesday on Pastebin, containing between 100 and 900 credentials each.

“Recent news articles claiming that Dropbox was hacked aren’t true,” Anton Mityagin, a Dropbox security engineer said Monday in a blog post “Your stuff is safe.”: https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/

According to Mityagin, the usernames and passwords posted were likely stolen from other services, but since the reuse of credentials for different online accounts is common among users, attackers tried to use them on different sites, including Dropbox.

“We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens,” he said.

In an update Tuesday to the blog post, Mityagin added that credentials on a new list that was leaked were checked and are not associated with Dropbox accounts.

The incident is somewhat similar to the dumping of 5 million Gmail addresses and passwords online in September. Many initially assumed those credentials were for Google accounts, but it turned out that they likely originated from other services where people used their Gmail addresses as usernames. Google concluded that less than 2 percent of the leaked credentials might have worked to log into Google accounts.

Mityagin encouraged Dropbox users not to reuse passwords across different services and to enable two-step verification for their Dropbox accounts: https://blog.dropbox.com/2014/10/have-you-enabled-two-step-verification/

“This was either a novel attempt at scaring people into setting up two factor authentication on accounts which allowed it, or a quick and dirty grab for Bitcoins,” said Chris Boyd, a malware intelligence analyst at security firm Malwarebytes, via email. “Given Dropbox’s claim there’s been no compromise and all of the ‘sample’ accounts were already expired, it’s looking more like the latter.”

“Anyone can post extravagant claims to Pastebin and while there’s no harm in changing a password once word of a potential breach gets out, we shouldn’t panic and wait until more concrete information comes to light,” Boyd said.

Using separate passwords for different online accounts might sound inconvenient, but it’s easy to do with a password management application, as long as it’s used securely: http://www.pcworld.com/article/2825892/what-you-should-consider-when-choosing-a-password-manager.html

(PCW)

Samker's Computer Forum - SCforum.info

Dropbox is (not) Hacked !?
« on: 14. October 2014., 19:11:09 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023