Hackers hold 7 million Dropbox passwords

 

            Hackers are threatening a major breach in Dropbox security, having claimed to have stolen the login details of almost 7 million users, and promising to release more password details if they're paid a Bitcoin ransom. However, Dropbox has denied it has been hacked, saying the passwords were stolen from third-party services. An entry on Pastebin, posted on October 13 at 4:10 p.m. CDT, shows a list of 400 emails and matching plain text passwords, claimed to be part of a large-scale Dropbox hack.

            The login details for the 400 email addresses, each one starting with the letter B, have been labelled as a "first teaser...just to get things going". The perpetrators are also promising to release more details if they're paid for the information. it is unclear how the account details were accessed and, indeed, whether or not they are actually legitimate. However, the hackers claim to have accessed details from 6,937,081 individual accounts and are threatening to release photos, videos and other files.

However, a Dropbox spokesperson has denied the hack:

            Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well. 

     If one thing can be learnt from the alleged breach, it's that passwords should consist of more than two letters, and should probably not contain your own name.