Dropbox users, it may be time to update your passwords and enable two-factor authentication. A hacker claims to have stolen some 7 million usernames and passwords for the popular cloud-based file storage and sharing service.
Someone posted a series of links on reddit Monday evening to files that purportedly contain a sample of the stolen usernames and passwords. Several redditors say at least some of the passwords were working at the time they were posted.
Anton Mityagin, from the Dropbox security team, wrote in a blog entry that the company’s servers were not hacked.
The blog was updated to add that passwords later posted online did not belong to current Dropbox accounts.
The company told The Next Web that it noticed suspicious activity linked to some of the associated accounts months ago and automatically reset the passwords.
To change your password, log in to your Dropbox account, click on your name and choose “settings.” Then, click on the security tab. You can also enable two-factor verification, which requires either a cellphone or an app. A code will be sent to the cellphone or app whenever you — or a would-be hacker — attempt to access the account from a new device.
The security page will show you all devices that have been linked to your account as well as which ones are currently logged in.
Some Dropbox accounts were compromised in 2012 when the company said a hack of third-party websites exposed Dropbox passwords. In addition, a company Dropbox account was accessed, exposing user email addresses, according to CNET.