6 comments

[ 3.4 ms ] story [ 29.3 ms ] thread
This is not necessarily a Dropbox hack. Maybe somebody ran a list of other stolen credentials against Dropbox, used a third-party app to trick people into giving their Dropbox email and password, or was simply a trojan. Anyway, what's the common theme here? - Bitcoin!
Considering some of the passwords in that pastebin have "expired", I would imagine they were real and they now require a password reset.
I never said they were not real, only that it's users' hack, not necessarily Dropbox' one. I see a bunch of articles asking people to change their passwords - if they believe Dropbox is hacked and not patched yet, changing the password won't do any good. It could even be worse. Anyway, given the fact that passwords in clear texts leaked and that Dropbox doesn't store in clear text (they've had multiple articles on the subject in the past), it's most probably not really a Dropbox hack. Given they recently blogged about phishing [1], I'm sure they were already aware of what's going on.

[1] https://blog.dropbox.com/2014/10/dont-get-baited-by-phishing...

I found it hard to believe that Dropbox allows passwords such as "abc123", so I checked the password requirements. Turns out they don't explicitly state any limitations: http://i.imgur.com/v4h0g8D.png

That being said, I still do not believe this leak is legitimate.

Its also hard to believe that dropbox would store passwords in plaintext, if this is real then their in some deep sh*t for storing passwords in plain text.

Or were the hackers able to decrypt all the passwords, unlikely?

They sure don't. They've had numerous articles on the subject in the past.