Dropbox Passwords: What to Do After The Leak

There is no Dropbox hack according to the company, but a new leaked list of 400+ Dropbox passwords and usernames is just a small part of what hackers claim is over 7 million Dropbox passwords and usernames.

If you use Dropbox this is the perfect time to take two actions to make sure your files are secure and safe. If someone gains access to your Dropbox account they can see your photos, personal documents and much more. In addition to using your data they could simply wipe out your Dropbox data.


This leak comes after SnapChat photos saved by third-party services appeared online earlier this week and leaves users with a some concerns.

We’ll explain what’s going on and what you need to do now to make sure your Dropbox password is safe.

Dropbox Passwords Leaked

The Next Web discovered a list of potential Dropbox passwords and usernames on Reddit on October 13th. This small sample of 400 usernames and passwords included some working combinations according to Reddit users. The files include a request for donations to unlock nearly 7 million Dropbox passwords and usernames. As more money rolls in the user or group will make additional Dropbox passwords public.


Almost 7 million Dropbox passwords are online, but the company claims there was no Dropbox hack. Gil C / Shutterstock.com

Almost 7 million Dropbox passwords are online, but the company claims there was no Dropbox hack. Gil C / Shutterstock.com


Dropbox issued a statement last night saying there was no Dropbox hack. the company alleges that the leaks came from other services, suggesting that any working Dropbox passwords came from users with the same username and password across multiple websites.

Dropbox responded with the following statement:

“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

The company did not name the third-party service that the hacker compromised. Dropbox recommends enabling two-factor security to protect your Dropbox account even better.

Dropbox Passwords and 2 Factor Protection

Even though this leak did not originate with Dropbox according to their statements, the fact that some users are able to log in with these Dropbox passwords means you should still reset your Dropbox password, especially if you use the same passwords on multiple services.


Log in to Dropbox -> Click on your name in the upper right -> Click on Settings -> Click on Security -> Change password -> enter your old password and a new password. Save and you are now good.

If you don’t already use one, this is a good time to get a service like LastPass or 1Password to remember and generate secure passwords for all of your websites.

After you change your Dropbox password you should turn on Two-Step verification. This adds a second layer to logging in. You need to have your password and a six digit code that you can see on your phone to log in. You need an app like HDE OTP or Google Authenticator or you can opt to have text message codes sent to your phone.