Nearly 7 million Dropbox usernames and passwords have reportedly been hacked, apparently from third-party apps that allowed users of the apps to access their accounts. The leak was sighted on a site called “Pastebin”, where hackers have already leaked about 400 accounts (site address: http://pastebin.com/NtgwpfVm). The hackers promised to release more accounts in return for “Bitcoin” donations. The hackers claim to have over 6.9 million email addresses and passwords belonging to Dropbox users.
In a statement, Dropbox denied that it was hacked, which is not very surprising:
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well.”
Does it sound familiar? It's a similar response to the one Snapchat provided when hackers were able to obtain about 100,000 photos from the service through a third-party app. This establishes the fact that the mobile app's core feature, delivering photos and videos that vanish seconds after viewing, is flawed. Snapchat then claimed that it was not its own servers that were hacked, but the servers of a third-party app designed to save Snapchat photos.
The real problem in both cases appears to be the way popular services allow third-party apps to use their platform. Even though Dropbox's own servers weren't hacked, the service still allows third parties access, which has become the target for hackers seeking to obtain personal information. Dropbox is sending affected users emails encouraging them to reset their passwords.
This is an alarming situation. Services like Dropbox, Snapchat, and Apple have pushed blame on users and other third parties following recent reported hacking attempts when it's clear they're not doing enough to scrutinize the kinds of apps that have access to their platforms.
This brings me to an important question: are we safe while using such services? Are our data and identity being protected by the service provider? Can the regulators help us by framing appropriate laws that will ensure accelerated usage of such services?