October 13, 2014 Statement from LinkedIn:
‘Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.’
Same Password for Multiple Accounts
What is more likely is that Dropbox itself was not hacked; instead, a third-party service was hacked and the accounts were harvested from it. This could greatly reduce the number of accounts actually compromised.
So it seems that the hackers took the list of harvested emails and passwords and tried them against other services to see which ones worked. This was possible because people use the same password for multiple accounts.
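The statement above mentions detecting suspicious login activity and resetting passwords. The following is an added example, not Dropbox's method and not code from the original post, of one way a defender could spot this pattern in login logs: a single source trying many different accounts and mostly failing. The event layout, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, login_succeeded)
SAMPLE_EVENTS = [
    # One source walking through a list of leaked credentials
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", False),
    ("203.0.113.7", "Dave@example.com", True),   # reused password worked
    ("203.0.113.7", "erin@example.com", False),
    ("203.0.113.7", "frank@example.com", False),
    # A user who mistyped a password once
    ("198.51.100.20", "grace@example.com", False),
    ("198.51.100.20", "grace@example.com", True),
    # An office NAT: many accounts, but they all log in fine
    ("192.0.2.50", "heidi@example.com", True),
    ("192.0.2.50", "ivan@example.com", True),
    ("192.0.2.50", "judy@example.com", True),
    ("192.0.2.50", "mallory@example.com", True),
    ("192.0.2.50", "niaj@example.com", True),
]

def find_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Map each suspicious source IP to the accounts it logged in to.

    A source is suspicious when it tried at least `min_accounts` distinct
    accounts and at most `max_success_ratio` of them succeeded
    (assumed thresholds; tune against real traffic).
    """
    tried = defaultdict(set)
    succeeded = defaultdict(set)
    for ip, user, ok in events:
        user = user.strip().lower()  # count each account once
        tried[ip].add(user)
        if ok:
            succeeded[ip].add(user)
    flagged = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = sorted(succeeded[ip])
    return flagged

def accounts_to_reset(events, **thresholds):
    """Accounts a flagged source got into: candidates for a forced reset."""
    flagged = find_stuffing_sources(events, **thresholds)
    return sorted({u for users in flagged.values() for u in users})

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_EVENTS))
    print(accounts_to_reset(SAMPLE_EVENTS))
```

The success-ratio condition is what keeps a shared office address, where many accounts log in normally, from being flagged alongside the source that is testing leaked credentials.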
Users should have different passwords for different sites. KeePass Password Safe is an easy-to-use password manager.
“KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).”
Nakedsecurity – ‘According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013” report, a poll of 1805 adults aged 16 and over discovered that 55% of them used the same password for most – if not all! – websites.’
So it seems Dropbox is not storing passwords in plaintext or using any form of weak hashing algorithm.
pastebin.com and search ‘dropbox’
Don’t forget to change passwords for any account using the same password.