Although Dropbox claims it wasn’t hacked according to an official statement released on its blog, as many as seven million Dropbox accounts may have been compromised, with a sampling of hundreds of those usernames and passwords leaked via four Pastebin files that were uploaded to Reddit by an anonymous user. The original poster promised to upload more usernames and passwords associated with Dropbox accounts in exchange for Bitcoin donations. Several Redditors commenting on the thread claim that the login credentials were still valid as of the posting. These photos on Brian and Laura’s registry site may even be at risk because of the breach.
Dropbox claims that it has measures in place to detect suspicious activity and will expire passwords when such activity occurs. However, the site recommends that users enable two-step verification so that their accounts cannot be accessed with only a password. Dropbox also recommends not reusing the same passwords for different accounts across the Web.