
Dropbox possibly compromised, password dump “teasers” appearing on Pastebin - jsmthrowaway
http://pastebin.com/NtgwpfVm
======
kolev
This is not necessarily a Dropbox hack. Maybe somebody ran a list of other
stolen credentials against Dropbox, used a third-party app to trick people
into giving their Dropbox email and password, or was simply a trojan. Anyway,
what's the common theme here? - Bitcoin!

~~~
a_5mith
Considering some of the passwords in that pastebin have "expired", I would
imagine they were real and they now require a password reset.

~~~
kolev
I never said they were not real, only that it's users' hack, not necessarily
Dropbox' one. I see a bunch of articles asking people to change their
passwords - if they believe Dropbox is hacked and not patched yet, changing
the password won't do any good. It could even be worse. Anyway, given the fact
that passwords in clear texts leaked and that Dropbox doesn't store in clear
text (they've had multiple articles on the subject in the past), it's most
probably not really a Dropbox hack. Given they recently blogged about phishing
[1], I'm sure they were already aware of what's going on.

[1] [https://blog.dropbox.com/2014/10/dont-get-baited-by-
phishing...](https://blog.dropbox.com/2014/10/dont-get-baited-by-phishing-or-
malware/)

------
minimaxir
I found it hard to believe that Dropbox allows passwords such as "abc123", so
I checked the password requirements. Turns out they don't explicitly state any
limitations: [http://i.imgur.com/v4h0g8D.png](http://i.imgur.com/v4h0g8D.png)

That being said, I still do not believe this leak is legitimate.

------
majidarif
Its also hard to believe that dropbox would store passwords in plaintext, if
this is real then their in some deep sh*t for storing passwords in plain text.

Or were the hackers able to decrypt all the passwords, unlikely?

~~~
kolev
They sure don't. They've had numerous articles on the subject in the past.

