This article is more than 1 year old

'Dropbox passwords' for sale are all EXPIRED: Bitcoin buyers beware

Pastebin: Still not exactly the Oracle of Truth

Yet another fraudster is struggling to relieve suckers of their Bitcoin after publicly posting what's purported to be a cache of no less than 7 meellion Dropbox login credentials.

A guest poster on Pastebin posted three documents, all claiming to be a subset of "the massive hack of 7,000,000 accounts". The posts said there are "More to come" if punters "keep showing your support" by making Bitcoin payments to the author.

Unfortunately for the poster, most of the 400 credentials posted as "proof" of the hack were already expired, Dropbox told The Next Web.

"Dropbox has not been hacked," the company told the outlet. "These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."

The Reg's check of the nominated account reveals no one has paid.

Dropbox says on its website that it uses the "best tools and engineering practices available to build and maintain" the service and uses AES-256 encryption to protect stored files, but El Reg could not find a reference to the security mechanisms it used to protect passwords, aside option second factor authentication.

Nor was a warning to users readily apparent at the time of writing. Dropbox has form going quiet on threats: it felt a forum post was enough notification of the Heartbleed mess when news of that flaw broke.

The failed fleecing serves as a timely reminder to never pay money into Bitcoin wallets listed on Pastebin. ®

More about

More about

More about


Send us news

Other stories you might like