Seven million Dropbox user account details stolen, claim hackers

Hacker group claims to have accessed files of millions of Dropbox users and threatens to publish them in exchange for Bitcoin

A hacker group has published hundreds of Dropbox usernames and passwords and is threatening to publish information about a further 6.9 million accounts if paid enough in Bitcoin.

The unnamed perpetrators used PasteBin to publish the alleged user details of hundreds of users of Dropbox, the cloud storage and collaboration platform used by many businesses as an enterprise tool.

"We will keep releasing more to the public as donations come in, show your support," the anonymous PasteBin post said.

However, Dropbox has already moved to quell suggestions that it has been hacked, with the firm putting out a statement claiming that if the user details have been stolen, they've been stolen from other services.

"These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts," said the statement.

"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well," the Dropbox spokesperson added.

Other providers of enterprise security solutions have been quick to pass comment on the alleged Dropbox hack.

"Public cloud file sharing services, such as Dropbox, typically co-mingle data from different customers. While this provides Dropbox with storage economies it reduces the control a customer has on where their data is stored and who has access to that information," said Claire Galbois, director of cloud solutions at Accellion, who suggested that Dropbox represents to risky a tool for organisations to be using at an enterprise level.

"Additionally, public cloud providers own the encryption keys to the data housed on their servers, rather than the customer, further increasing the risk of data exposure," she continued. "For most enterprise organisations these risks are too great and lead corporations and government agencies to select private cloud file sharing for the additional data protection."

Galbois suggested that organisations should invest in a secure, enterprise-ready cloud infrastructure, rather than relying on employees using the free services offered by Dropbox.

"With private cloud file sharing, enterprises retain control and ownership of their data and the encryption keys to access that data. This means that the enterprise organisation is in control of who can access that data including any government agency that requests information or metadata," she said.

"Dropbox's public cloud architecture is a large obstacle to winning enterprise deployments," Galbois concluded.

Earlier this year, NSA whistleblower Edward Snowden heavily criticised Dropbox, arguing that the firm was "hostile to privacy" and a "wannabe" collaborator in the US government's PRISM snooping programme.