It appears that a common theme for this year’s cloud services news is to force us to reexamine our passwords and security. With certain iCloud accounts and a third-party Snapchat app being hacked, it looks like now could be a good time to change passwords and/or enable two-factor authentication where possible. A post on Reddit lists four pastebin files that link to a list of a few hundred usernames and passwords from Dropbox.
The Reddit user claims this is just a teaser for millions of usernames and passwords leaked. However, we might not need to panic just yet. Dropbox has already stated that they were not attacked (or at least they’re not the source of the leak). They said to The Next Web,
These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Since the aforementioned user on Reddit claims the passwords actually do work, it’s still a matter of concern as the alleged leaker contradicts Dropbox’s claim that the leaked passwords were expired and invalid. It would thus be a great time to look into enabling two-step verification, which Dropbox happens to support. Also, I recommend not using the same passwords for all of your services because that may be how this leak happened. To learn more about two-step verification on Dropbox, be sure to check out their website.