Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    7 million Dropbox username/password pairs apparently leaked

    IT Discussion
    5
    12
    1043
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Ambarishrh
      Ambarishrh last edited by

      http://arstechnica.com/security/2014/10/7-million-dropbox-usernamepassword-pairs-apparently-leaked/

      1 Reply Last reply Reply Quote 2
      • Dashrender
        Dashrender last edited by

        Any my office wanted to know why I didn't want Dropbox on my network..

        OK yeah I know this is happening to everyone right now... but still.

        Thanks for the heads up.

        1 Reply Last reply Reply Quote 1
        • thanksajdotcom
          thanksajdotcom last edited by

          Dropbox's official statement is that they weren't hacked but the credentials were stolen from other services. Joy...

          1 Reply Last reply Reply Quote 0
          • ?
            A Former User last edited by

            Nice.. Glad I don't have any dropbox accounts.

            1 Reply Last reply Reply Quote 0
            • Ambarishrh
              Ambarishrh last edited by

              Passing on this link to all my users now:
              http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now

              1 Reply Last reply Reply Quote 0
              • scottalanmiller
                scottalanmiller last edited by

                So what service are they blaming?

                thanksajdotcom 1 Reply Last reply Reply Quote 0
                • thanksajdotcom
                  thanksajdotcom @scottalanmiller last edited by

                  @scottalanmiller said:

                  So what service are they blaming?

                  No clue, but they allow a lot of different services to tap into your Dropbox account, so it could be any of a number of them.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmiller
                    scottalanmiller last edited by

                    Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.

                    Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.

                    thanksajdotcom 1 Reply Last reply Reply Quote 1
                    • thanksajdotcom
                      thanksajdotcom @scottalanmiller last edited by

                      @scottalanmiller said:

                      Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.

                      Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.

                      I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or another.

                      Dashrender scottalanmiller 2 Replies Last reply Reply Quote 0
                      • Dashrender
                        Dashrender @thanksajdotcom last edited by

                        @ajstringham said:

                        @scottalanmiller said:

                        Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.

                        Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.

                        I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or anotheI

                        If it was only an API, think Facebook logons, then there would be no U/P leakage. But the posting of U/P clearly shows that's not the case.

                        If as Scott mentions that 3rd parties get the usernames and passwords - that's even worse than this breach!

                        scottalanmiller 1 Reply Last reply Reply Quote 0
                        • scottalanmiller
                          scottalanmiller @thanksajdotcom last edited by

                          @ajstringham said:

                          I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or another.

                          There is a huge gap between them leveraging Dropbox' login API and sharing account data and passwords.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmiller
                            scottalanmiller @Dashrender last edited by

                            @Dashrender said:

                            If as Scott mentions that 3rd parties get the usernames and passwords - that's even worse than this breach!

                            Yes, far worse. Anyone can have an accident. Sharing usernames and passwords is a breach of ethics, not security. I'm positive Dropbox is doing no such thing.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post