The cloud storage service Dropbox on Monday night denied it was hacked, saying attackers used passwords and usernames stolen from other services to log into accounts.
It called on its users to enable two-step verification and not use the same password for multiple services to help avoid “attacks like these.”
{mosads}Dropbox said it automatically resets passwords when it detects suspicious activity.
“Your stuff is safe,” the company said on its blog. “The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox.”
Hackers had asserted they stole millions of usernames and passwords, according to reports, and threatened to post them online, unless donations were sent to a bitcoin account. Hundreds of passwords were posted on a site called Pastebin with hackers threatening to release more.
Dropbox, in an update to its blog, said a second round of passwords posted online were not for Dropbox accounts.
“A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts,” the company said.
The news comes immediately after the photo-sharing service Snapchat denied being hacked, when images and videos from as many as 200,000 of its users were posted online.