This is not necessarily a Dropbox hack. Maybe somebody ran a list of other stolen credentials against Dropbox, used a third-party app to trick people into giving their Dropbox email and password, or was simply a trojan. Anyway, what's the common theme here? - Bitcoin!
I never said they were not real, only that it's users' hack, not necessarily Dropbox' one. I see a bunch of articles asking people to change their passwords - if they believe Dropbox is hacked and not patched yet, changing the password won't do any good. It could even be worse. Anyway, given the fact that passwords in clear texts leaked and that Dropbox doesn't store in clear text (they've had multiple articles on the subject in the past), it's most probably not really a Dropbox hack. Given they recently blogged about phishing [1], I'm sure they were already aware of what's going on.
I found it hard to believe that Dropbox allows passwords such as "abc123", so I checked the password requirements. Turns out they don't explicitly state any limitations: http://i.imgur.com/v4h0g8D.png
That being said, I still do not believe this leak is legitimate.
Its also hard to believe that dropbox would store passwords in plaintext, if this is real then their in some deep sh*t for storing passwords in plain text.
Or were the hackers able to decrypt all the passwords, unlikely?
6 comments
[ 3.4 ms ] story [ 29.3 ms ] thread[1] https://blog.dropbox.com/2014/10/dont-get-baited-by-phishing...
That being said, I still do not believe this leak is legitimate.
Or were the hackers able to decrypt all the passwords, unlikely?