clock menu more-arrow no yes mobile

Filed under:

Dropbox Says No Hacking Involved in Leak of Passwords

The credentials are real, but harvested from other services and outdated, Dropbox says.

Hundreds of alleged usernames and passwords for online document-sharing and storage site Dropbox were published Monday on Pastebin, an anonymous information-sharing website.

The anonymous user, who claims to have hacked close to seven million accounts, is calling for bitcoin donations to fund the operation. “We will keep releasing more to the public as donations come in, show your support,” the Pastebin user said on the site.

Dropbox, however, said it had not been hacked.

“These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks, and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well,” a Dropbox spokesman said in an email to Reuters.

Dropbox boasts more than 200 million users six years after it was started.

NSA whistleblower Edward Snowden last week advised those concerned about their privacy to “get rid of Dropbox” and cease using Facebook and Google.

(Reporting by Supriya Kurane in Bangalore; Editing by Gopakumar Warrier)

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.