You might have heard the news yesterday about Dropbox being hacked. At least that’s what everyone initially thought when a text file posted on Pastebin claimed to have over 400 email and password combinations that put Dropbox accounts at risk. It was claimed that over seven million accounts were at risk and the leaker had promised to upload more. Dropbox quickly issued a statement saying that the credentials were stolen from third party services. In a new blog post the company reiterates that its systems weren’t hacked and that users’ files remain safe.
“Recent news articles claiming that Dropbox was hacked aren’t true,” the company says, adding that “Your stuff is true.” It explains that the usernames and passwords which were leaked online were stolen from “unrelated services” and at no point were the company’s own servers breached.
These stolen credentials were then used to log into sites across the internet, including Dropbox, but as the company detected suspicious activity it started resetting passwords automatically of users who might have been hit by this leak. When another list of credentials was posted online Dropbox checked those out too and confirmed that they were not associated with any of its accounts.