Michal Marek According to reports that have appeared on the Internet in the last few hours, the Dropbox database, which collects the login information of almost 7 million users, has become the victim of a hacker attack. However, the representatives of Dropbox, which is behind the cloud storage of the same name, denied such an attack. They claim that the database of one of the third-party services, which also has access to Dropbox user credentials, was hacked. Of course, there are many such services, as there are hundreds of applications offering Dropbox integration – for example, as a synchronization service.
According to its own statement, Dropbox was not attacked by hackers. Unfortunately, usernames and passwords were allegedly stolen from other services' databases and then used to try to log into other people's Dropbox accounts. These attacks have reportedly been recorded in Dropbox before, and the company's technicians have invalidated the vast majority of passwords that were used without authorization. All other passwords have been invalidated as well.
Dropbox subsequently commented on the whole matter on its blog:
Dropbox has taken steps to ensure that leaked credentials cannot be misused and has invalidated any passwords that may have been leaked (and probably many more, just in case). The attackers have not yet released the entire stolen database, but only a sample of the part of the database that contains email addresses starting with the letter "B". The hackers are now asking for Bitcoin donations and say they will release more parts of the database once they receive more financial donations.
So if you haven't already done so, you should log into your Dropbox and change your password. It would also be wise to view the list of logins and app activity associated with your account on the Dropbox website in the security section, and possibly remove authorization from apps you don't recognize. None of the authorized apps linked to your Dropbox account will automatically log you out if you change your password.
It is highly recommended to enable double security on any account that supports such a feature, which Dropbox does. This security feature can also be turned on in the security section of Dropbox.com. If you've been using your Dropbox password elsewhere, you should immediately change your password there as well.
Well, so it's not possible to publish which third party it was? I think that would help people the most.
I don't think the name of the 3rd party is known yet
Quite possibly not the only one…
A confused article that does not describe what happened.
Someone who obtained a database of names and passwords that has nothing to do with Dropbox tried these credentials for that service as well. ( Tried to take advantage of people having the same names and passwords on multiple servers )