The Droppening and the Dropbox hack

We have had “The Snappening”, “The Fappening” and now it looks like that we are going to have “The Droppening”.

Hackers have claimed that they have obtained a database which holds 7 million user credentials. Just like “The Snappening” case, the owners of the “breached” service, claims that the responsibility was at the end-user. DropBox claims that it was not their “DropBox” environment which got hacked, but it would have been “third-party” services which make use of DropBox.

DropBox claims that the hackers were able to obtain the 7 million credentials via the vulnerable third-party services.

Anton Mityagin, which is currently a security engineer at DropBox states that “Your DropBox stuff is safe”. The Dropbox engineer posted that in this blog post.

The Droppening and The Snappening

Now, I could be wrong – but it looks like that hackers are having a lot of fun, by simply hacking or abusing third-party services which make use of giant networks like Snapchat, iCloud and DropBox.

It is incredibly simple for the hackers to gain “lots” of data via vulnerable third-party service providers.

Leaked DropBox passwords

The leaked DropBox credentials have been harvested from resources outside of the official DropBox environment. The hackers have obtained a database of credentials, and they are trying these credentials on all type of services.

The reason behind this is very simple. People still use the same password for various services. The hackers know this, and they will try the stolen credentials to login at services like:

  • PayPal
  • Facebook
  • DropBox
  • iCloud
  • Twitter

Do you remember the breach in September? The hack on “Gmail” shocked a lot of people, but the fact was that the information was stolen from third-party services and not from “Google”.

The same credentials and additional credentials can be used by these hackers to login at the mentioned services above.

Now it will be only a matter of time, before the hackers will find “working” DropBox credentials. The hackers will exploit and publish these “dropbox” boxes.

The Droppening

The Droppening is the hack on the third-party services which connect to DropBox. The user which were using third-party services for Dropbox  can be affected by the latest hack.

We strongly urge everyone which might be affected by “The droppening” to reset their “DropBox” password, and their “e-mail” password.

It is only a matter of time, before the hackers will query your credentials in their 7 million credentials database.

  • Enable two-factor authentication
  • Do not use the same password for other services