On Tuesday, Anton Mityagin of Dropbox updated the company blog with news that the cloud storage service has not been hacked despite recent reports. News of the supposed hack originated on Reddit where an anonymous individual claimed to have stolen credentials from 7 million accounts. This information is contained in four Pastebin files.
“Your stuff is safe,” Mityagin wrote. “The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
He went on to encourage Dropbox customers to use two-step verification to better protect their files. Once this service is set up, users will either receive a six-digit security number via text, or they can choose to use a third-party verification app like Google Authenticator. While this may sound like a pain, it’s more secure than merely using a password.
Reports claim that the hacker released a portion of the supposed stolen Dropbox information to prove the hack is real and is accepting Bitcoin donations. More is to come, the hacker said. Meanwhile, Dropbox customers may need to change their passwords regardless if the hack is real or not.
News of the possible hack follow a recent problem with the Dropbox software. Many Dropbox users have discovered that their files were deleted thanks to the Selective Sync setting. This setting allows Dropbox users to manually select which files can be synced with devices and which files should remain in the cloud.
“We’ve fixed the Selective Sync issue that affected a small number of users and reached out to them to help restore their files,” a spokesperson told Tom’s Hardware. “Issues like this aren’t acceptable at Dropbox, and we’ve implemented additional testing to prevent this from happening again.”
Dropbox is offering a free year’s worth of Dropbox Pro for those affected by the Selective Sync glitch.