Lawgier.net

The technical side of a french guy.

7 million Dropbox accounts in the wild

Ars Technica :

Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin purporting to contain login credentials for hundreds of Dropbox accounts, with the poster claiming that altogether 6,937,081 account credentials have been compromised

And this is the Dropbox answer:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

While I'm changing my password, I think this is the right time for you to activate the two-factor authentication and subscribe to Have I've Been Pwned? website. This very useful tool automatically checks websites like Pastebin and others, where the results of those hacks are often published, and send you an email if any of the logins that you have and registered to Have I've been pwned are in those leaks. Very useful.

So, be careful with any third party service. And check 1Password or Dashlane too.