Dropbox have confirmed that hundreds of accounts may have been compromised but state that their servers weren’t hacked or compromised. The username and passwords apparently were “stolen from unrelated services” according to a blog post at Dropbox.com.
A user of the Pastebin service was responsible for publishing the logon details for around 400 dropbox users. Apparently they are just part of a haul of up to 7 million Dropbox user credentials which will be released for BitCoin payment. The passwords were still available at the time of writing.
Pastebin is a service that allows users to paste plain text and share that text via a URL. It’s commonly used to share code and log files amongst technical users but is increasingly at the heart of data leaks such as TheFappening, which saw leaked photos of celebrities shared online, with Pastebin being used to share the URLs.
If you are a Dropbox user, which a great many Android users are – anyone using Samsung or HTC devices commonly get upgrades to their DropBox storage – we would advise that you reset all of your passwords immediately. This is a great reason why you shouldn’t re-use passwords across multiple sites.