Hacker Selling 68 Million Stolen Dropbox User Accounts on Dark Web
Posted 9/6/16 , edited 9/6/16
THE STOLEN DROPBOX DATA IS NOW AVAILABLE FOR SALE ON THE DARK WEB — YET ANOTHER BLOW TO THE ONLINE FILE HOSTING AND STORAGE GIANT.

On 31st August 2016, unknown hackers leaked 68 million Dropbox user accounts including login emails and encrypted passwords from a breach that took place in 2012. Initially, the leaked data was accessible to several breach notification sites such as Hacked-DB, LeakedSource, and HaveIbeenPwned, but now a vendor going by the online handle of “DoubleFlag” is selling the same DropBox data on a dark web marketplace known as TheRealDeal.

The data is being sold for BTC 02.000 (1209.38 US Dollar). The total number of accounts offered for sale is 68,679,804, which includes emails and encrypted passwords. There are 36,814,524 passwords that are encrypted with Secure Hash Algorithm 1 (SHA-1), 36,814,524 passwords are Brute force salt while 31,865,280 are encrypted with Blowfish encryption algorithm.

Remember, Blowfish is vulnerable to birthday attack; brute force salt is a random string added to a hash function to increase the security of decryption tries.

HackRead got in touch with the vendor who also shared 1000 Dropbox users’ data as a sample that shows email accounts from several email domains linked with the accounts and almost every user is also using the same email for their Facebook accounts.



We also contacted data breach notification company Hacked-DB and asked if these password hashes are easily crackable and according to them,

“It depends on the actual password complexity. SHA1 can be decrypted by using offline or online tools such as HashKiller.”

This is not the first time when such a massive amount of data went up for sale days after it was leaked. In fact, 2016 has been a bad year for tech and social media giants.

Earlier this year, hackers stole and sold 427 Million MySpace passwords on the same dark web marketplace; in May 2016, 117 million LinkedIn and 33 million Twitter login credentials were listed on a dark web marketplace for sale.

Bad times for Dropbox just when they thought the nightmare was over… but it ain’t over till it’s over.

https://www.hackread.com/dropbox-data-goes-dark-web/
Dragon
Posted 9/6/16 , edited 9/12/16
Just one more reason to not use the same password on multiple sites. I can't count how often someone claimed to be hacked in one place.. but actually was a result of a hack elsewhere and used the same email/pw combo.
Posted 9/6/16
I really don't see the point in hacking dropbox?
I've only ever seen people upload art on it.
Posted 9/6/16
time to delete
Humms 
Posted 9/6/16 , edited 9/9/16
Oh no! Not drop box.

What will happen to my excel spreadsheets, and my PDF files . What will I do? I sure hope my flash drive is still useful.

Seriously what do you do on Dropbox, share your bank info?
Posted 9/6/16

Humms wrote:

Oh no! Not drop box.

What will happen to my excel spreadsheets, and my PDF files . What will I do? I sure hope my flash drive is still useful.

Seriously what do you do on Dropbox, share your bank info?

You would be surprised how many careless people upload personal data, and even nudes to drop box.
Posted 9/6/16 , edited 9/12/16

Chaossal wrote:

I really don't see the point in hacking dropbox?
I've only ever seen people upload art on it.


After cracking the credentials (not all of them will be cracked, depends on how secure the user's password is, and if their password has been leaked in plain text on another website), they'll test them on Paypal, Amazon, etc to see if they work. Then they can sell them or use them.
Also, the e-mails can be used for spamming advertisements, malware, and scams.


Humms wrote:

Oh no! Not drop box.

What will happen to my excel spreadsheets, and my PDF files . What will I do? I sure hope my flash drive is still useful.

Seriously what do you do on Dropbox, share your bank info?


If people upload private stuff on Dropbox that could damage their reputation, it could be used to blackmail them.
Dragon
Posted 9/6/16 , edited 9/12/16

sasue11 wrote:

After cracking the credentials (not all of them will be cracked, depends on how secure the user's password is, and if their password has been leaked in plain text on another website), they'll test them on Paypal, Amazon, etc to see if they work. Then they can sell them or use them.
Also, the e-mails can be used for spamming advertisements, malware, and scams.


This, exactly this. Many people use the same info on multiple sites - banks and Netflix and little things like where they post art - so when one is cracked (the least secure, easiest to crack), the info will be tested on any number of other, more interesting sites.

Best case for them, they can get at your bank info.
Worst case for them, they can pretend that they're your bank and need you to contact them with your personal info, which they can use to access your other accounts or set up new ones in your name.

Either case for you, bad news.
Posted 9/6/16 , edited 9/6/16
Everyone DELETE. I don't use Dropbox, feeew.
Posted 9/6/16 , edited 9/6/16

Norasuna wrote:
Everyone DELETE.
Only if it was that easy...

Posted 9/6/16
Boy oh boy. This is why we can't have nice things.
Posted 9/6/16
I always knew this day would come... haha fuck these online based storage systems. Tf's so hard about getting an external harddrive.
Posted 9/6/16 , edited 9/6/16

DRO1 wrote:

I always knew this day would come... haha fuck these online based storage systems. Tf's so hard about getting an external harddrive.


Pretty much. Flash drives and externals are a dime a dozen these days. I have so many of those suckers laying around that I wouldn't in a million years need to use online storage. And I don't even know where the heck I got half of them.
Posted 9/7/16
Ha, using my old password on there. I have separate passwords.