Published: February 04, 2021
3 Minutes

Dropbox Not Hacked, But Your Account May Have Been Compromised


Jamie White

Contributing writer

+ More
A person using a laptop to protect their Dropbox account from potential cyber threats.

Be honest — how often do you use the same username and password on different websites or applications? According to InformationWeek, more than half of us do it.

Security experts warn that the practice leaves you vulnerable — if one site is hacked, your accounts on all sites and apps are compromised.

According to Dropbox, that’s exactly what happened in mid-October when someone posted 400 user names and passwords on Pastebin. Under the header, Hacked, First Teaser, the person posting claimed to have nearly 7 million Dropbox name and password combinations and asked for bitcoin donations to prompt the release of more.

Dropbox was quick to fire back that no breach had happened on its servers. Instead, according to a Dropbox blog post, “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

In a previous blog post, Dropbox urged users to adopt two step authentication, “The idea behind two-step verification is to combine ‘something you know’ (like your password) with ‘something you have’ (like your phone) to add an extra layer of security. Once you’ve enabled this feature, Dropbox will either text you a six-digit security code to enter after your password or you can get the code from an authenticator app like Google Authenticator, which is useful if you can’t get a cell signal. Having two steps rather than just one creates a stronger barrier against attackers.”

The takeaway: use different usernames and passwords on all websites and applications.

Editorial note: Our articles provide educational information for you. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Microsoft accidentally exposed 250 million customer records — What you should know
A Microsoft security breach exposed 250 million customer records on a database without password protection. Learn more.
Read More
Uber Data Breach Affects 57 Million Rider and Driver Accounts
Uber Technologies, Inc. disclosed that hackers stole the personal information of some 57 million customers and drivers. Learn more.
Read More
Target Data Breach Victims Could Get Up to $10,000
Target's massive data breach hit during the 2013 holiday shopping season. The retailer is proposing to offer victims up to $10,000 each in damages.
Read More
How to Check If You're Affected by the Equifax Data Breach
It’s easy to find out if you were affected by the Equifax data breach by using a look-up tool. Find out how from LifeLock.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more.

Sign up for promotional emails.