If you haven’t activated two-factor authentication on Dropbox yet, you may want to do so now, just in case you end up finding your credentials posted on the internet. A document posted on pastebin earlier contains 400 Dropbox usernames and passwords, which the poster claims are just a tiny fraction of a massive hack that compromises up to 7 million accounts. The poster has been asking for Bitcoin donations in exchange for more accounts, and by the looks of it, he got enough money, at least, to post another batch of log-in credentials within the same day. At the moment, it’s still unclear how the hacker(s) got a hold of the usernames and passwords, but the cloud service told Engadget that Dropbox itself has not been hacked.
Update: Dropbox again stated that it has not been hacked, this time in a blog post, and says security measures are in place to detect accounts compromised with log-in info stolen from other sites.
“These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts,” a spokesperson told us. “We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.” Still want to ensure your account’s safety anyway? Head over to the Dropbox’s detailed explanation on how to turn on two-step authentication. Hopefully, when you log in to do so, the service has also restored any file a recent bug might have deleted from your folder.