Cloud storage provider Dropbox is still busy refuting reports it was hacked and 7 million user accounts were compromised. In a blog post update Tuesday, Oct. 14, the services provider claims it has reviewed the data posted by hackers and it's not its data.
The security firestorm was lit by postings first on Reddit and then Pastebin. The Reddit thread claimed to boast links to files housing Dropbox account data, with passwords and usernames for easy reading. On the Pastebin post the claim was that hackers hit 7 million Dropbox accounts and had shared about 400 in a semi-ransom approach, stating more data would be posted if readers supported the move by donating bitcoin.
"A subsequent list of usernames and passwords has been posted online. We've checked and these are not associated with Dropbox accounts," states the Dropbox blog posting early Tuesday morning.
In its first response to the claims Dropbox emphatically denied the news reports.
"Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens," states the post, which also urges Dropbox users to change account information just to be more secure.
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2-step verification on your account," states the post.
The news comes amid a continuing wave of security hacks and breaches this year.
In June, as Tech Times reported, AT&T confirmed a service provider had been hacked back in April and the incident had compromised user data. Megaretailer Home Depot reported a security breach in early September that hit stores across the country. Hackers broke into the point-of-sale system, possibly infecting each of its 2,266 nationwide locations.
But big telecoms and retailers aren't the only ones getting hacked and coming under attack. In early October, JPMorgan Chase & Co. announced 76 million households and 7 million small businesses had been compromised in a hack. Google Gmail isn't even immune. The email service was hit in September with about 5 million Gmail account details discovered on a Russian Bitcoin Security Forum.
Such hacks don't just hurt brand and consumer confidence. According to a recent IBM report, one data record lost in a breach costs a company $145, and the average cost of a single breach is $3.5 million.