Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

7 million DropBox credentials apparently leaked

Hundreds of Dropbox Passwords allegedly Leaked were publisehd online, but the company reassures its users confirming that its systems were not violated. It’s up to DropBox, an archive of nearly 7 million Dropbox login credentials has been published on PasteBin. A guest account post on Pastebin four different documents, all claiming to be part of […]

7 million DropBox credentials apparently leaked

Hundreds of Dropbox Passwords allegedly Leaked were publisehd online, but the company reassures its users confirming that its systems were not violated.

It’s up to DropBox, an archive of nearly 7 million Dropbox login credentials has been published on PasteBin. A guest account post on Pastebin four different documents, all claiming to be part of “the massive hack of 7,000,000 accounts”. The author also anticipated that there are “More to come” if punters “keep showing your support” by making Bitcoin payments to the author.

Other sources report that the data leak apparently surfaced on this Reddit thread, where some Reddit users who have tested the credentials have confirmed that many of them still work.  Reading the comments it seems that Dropbox in response to the data leakage has reset all the accounts listed in the Pastebin.

dropbox announcement

Unfortunately for the mysterious hacker, most of the 400 credentials posted as proof of the hack were no more valid, meantime Dropbox denies its systems were hacked and sustains that data have a different origin.

Dropbox has not been hacked,” the company told the outlet. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

“We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.” states Anton Mityagin in an official announcement from the company. “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

According to the DropBox, a subsequent list of credentials has been disclosed online, but checks made by the company confirms that the new wave of username and password are not associated with Dropbox accounts.

DropBox anyway urges its customers to enable 2 step verification for the authentication of their accounts.

Pierluigi Paganini

(Security Affairs –  DropBox, data leakage)