The Channel logo


By | Darren Pauli 14th October 2014 04:02

'Dropbox passwords' for sale are all EXPIRED: Bitcoin buyers beware

Pastebin: Still not exactly the Oracle of Truth

Yet another fraudster is struggling to relieve suckers of their Bitcoin after publicly posting what's purported to be a cache of no less than 7 meellion Dropbox login credentials.

A guest poster on Pastebin posted three documents, all claiming to be a subset of "the massive hack of 7,000,000 accounts". The posts said there are "More to come" if punters "keep showing your support" by making Bitcoin payments to the author.

Unfortunately for the poster, most of the 400 credentials posted as "proof" of the hack were already expired, Dropbox told The Next Web.

"Dropbox has not been hacked," the company told the outlet. "These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."

The Reg's check of the nominated account reveals no one has paid.

Dropbox says on its website that it uses the "best tools and engineering practices available to build and maintain" the service and uses AES-256 encryption to protect stored files, but El Reg could not find a reference to the security mechanisms it used to protect passwords, aside option second factor authentication.

Nor was a warning to users readily apparent at the time of writing. Dropbox has form going quiet on threats: it felt a forum post was enough notification of the Heartbleed mess when news of that flaw broke.

The failed fleecing serves as a timely reminder to never pay money into Bitcoin wallets listed on Pastebin. ®

comment icon Read 8 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe