7 million Dropbox username/password pairs apparently leaked
-
Any my office wanted to know why I didn't want Dropbox on my network..
OK yeah I know this is happening to everyone right now... but still.
Thanks for the heads up.
-
Dropbox's official statement is that they weren't hacked but the credentials were stolen from other services. Joy...
-
Nice.. Glad I don't have any dropbox accounts.
-
Passing on this link to all my users now:
http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now -
So what service are they blaming?
-
@scottalanmiller said:
So what service are they blaming?
No clue, but they allow a lot of different services to tap into your Dropbox account, so it could be any of a number of them.
-
Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.
Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.
-
@scottalanmiller said:
Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.
Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.
I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or another.
-
@ajstringham said:
@scottalanmiller said:
Are you saying that those services get to see usernames and passwords? That accusation is orders of magnitude worse than a breach.
Any breach via a partner like that is still Dropbox' breach. Not a breach of another service.
I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or anotheI
If it was only an API, think Facebook logons, then there would be no U/P leakage. But the posting of U/P clearly shows that's not the case.
If as Scott mentions that 3rd parties get the usernames and passwords - that's even worse than this breach!
-
@ajstringham said:
I am not sure. AFAIK, it's just an API they are tapping into. However, I really can't say for a certainty one way or another.
There is a huge gap between them leveraging Dropbox' login API and sharing account data and passwords.
-
@Dashrender said:
If as Scott mentions that 3rd parties get the usernames and passwords - that's even worse than this breach!
Yes, far worse. Anyone can have an accident. Sharing usernames and passwords is a breach of ethics, not security. I'm positive Dropbox is doing no such thing.