We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
MSE News: Details of 68 million Dropbox accounts stolen in hack – check yours NOW
Options
Legacy_user
Posts: 0 Newbie
Sensitive information belonging to tens of millions of Dropbox users is now being sold online...
Read the full story:
'Details of 68 million Dropbox accounts stolen in hack – check NOW to see if yours have been compromised'
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
'Details of 68 million Dropbox accounts stolen in hack – check NOW to see if yours have been compromised'
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
0
Comments
-
We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox. "We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
A spokesperson told Motherboard that Dropbox has seen no evidence of malicious access of these accounts.
http://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts0 -
That's why my birthdate is wrong, and my sex is the opposite on my Facebook account.
0 -
Thanks, we've updated the article to reflect this.
MSE Nick0 -
While I can't prove it, I strongly suspect that my stolen Dropbox login details (email address & password) were already used yesterday to fraudulently try to obtain goods from Amazon. Here's my experience - beware!
I (foolishly?) used the same email/password combo on both DropBox and Amazon. Yesterday, out of the blue, I got an email congratulating me on signing up to Amazon Prime (I hadn't). Later I got some ApplePay notifications indicating my linked credit card had been used 4-5 times at Amazon (I hadn't used it).
I then got an email from Amazon Prime Now confirming my order of an iPhone 5s, case and cover to be delivered later yesterday evening to an address in North London. Now I don't have the Amazon Prime Now App and also don't live in London, but the delivery address on the order was one listed on my Amazon account (a family member to whom I had once sent a gift).
I logged into my Amazon account but there was no record of these orders. I called my credit card company who confirmed that the pending transactions definitely originated from Amazon. I called Amazon - they couldn't see any orders on my account either. I gave them the Amazon Prime Now order number from the email. They transferred me to their Amazon Prime Now team who found the order on a different system which is not available via their website.
The Amazon Prime Now team confirmed the orders had been placed via the app but could not cancel them (!) in their system. They told me I had to download the app myself, wait for the despatch confirmation and then press a button in the app to call the driver and tell him not to deliver it. By this point I was not very happy at all.
So I downloaded the app, logged in and found the orders, which had been placed with a contact mobile number I did not recognise. When the despatch alert came, I tried to call the driver, but could not get through. In the meantime I alerted the family member who had to answer the door to the driver and refuse the delivery. I then got an email confirming it would all be refunded. Shortly after, the family member reported seeing a man in a suspicious silver car waiting around outside their home. Scary stuff late at night in North London which should never have happened.
Amazon Prime Now have since apologised for any inconvenience and refunded all of the items. They noted that the perpetrator would not have had access to my full credit card details. I have also changed the passwords and removed all redundant addresses from the Amazon account, which I am also now going to delete. I also reported the situation to ActionFraud via their website.
As I said at the top, I cannot prove this was linked to the DropBox compromise, but all the evidence I have points that way.
The thing that baffles me most is why they went to all this trouble to try to get just an iPhone 5s. You think they'd at least try and scam a decent phone...0 -
Thanks for the heads-up MSE, would have been helpful if Dropbox could have bothered to inform us users, seeing as we're pretty much forced to use the account with many phones today.
I hope I've been lucky, I do use different passwords for different accounts but went online to check to see if there was any additional information which wasn't mine (eg additional devices linked, additional pictures and so on) and so far nothing shows up. It doesn't show everything (logs of times that information had been accessed would have been helpful) but as pictures go I don't think they'll have too much of a field day with my account unless they like to look at pictures of fireworks taken badly and close ups of flowers!0 -
Thanks for the heads-up MSE, would have been helpful if Dropbox could have bothered to inform us users, seeing as we're pretty much forced to use the account with many phones today.
I hope I've been lucky, I do use different passwords for different accounts but went online to check to see if there was any additional information which wasn't mine (eg additional devices linked, additional pictures and so on) and so far nothing shows up. It doesn't show everything (logs of times that information had been accessed would have been helpful) but as pictures go I don't think they'll have too much of a field day with my account unless they like to look at pictures of fireworks taken badly and close ups of flowers!
Turn on two factor authentication and then a hacker would need your phone as well as your password to gain access...0 -
fiendishlyclever wrote: »Turn on two factor authentication and then a hacker would need your phone as well as your password to gain access...
Thanks, it was already set, not actually used the account for almost a year now- my new handset didn't have it as bloatware and I didn't want to add it either!0 -
I only have photos on D box (and dont seem to need a password, just click on the shortcut on screen. Do I have any need to worry ?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards