Fears of a Dropbox data breach were sparked earlier this week when a few hundred username and password combinations were posted to Reddit Oct. 13. The poster claims they are a portion of a larger collection of Dropbox credentials, The Next Web reported. The user also said there is “more to come” and asked for Bitcoin donations in exchange for leaking more usernames and passwords.
The same day, Dropbox responded with a statement saying it wasn’t hacked:
“The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox,” a post to the company’s blog says.
But does that mean you need to change your Dropbox password? If you’re worried, better to change your password for the peace of mind, experts say.
“You have nothing to lose by changing your password,” said Adam Levin, fraud expert and chairman and co-founder of Credit.com. “It’s the “chicken soup” defense. It may not help, but it certainly won’t hurt to do it.”
Incidents like this are a good reminder to frequently update your login credentials on all services you use. Oftentimes, companies will prompt you to reset your password if they detect an attack — Dropbox does this — while other sites have set password expiration dates as a security measure. Regardless of a site’s practices, it’s a good idea to monitor your accounts for unauthorized activity and change your login as soon as you see something out of the ordinary.
Yes, it’s really annoying to have to change your passwords all the time, considering you probably have dozens of online accounts you can’t fully keep track of, but neglecting password security could come back to bite you. One compromised account could lead hackers to your sensitive information — potentially your financial accounts — and if they have enough to steal your identity, you might have a huge mess ahead of you.
Taking preventative measures is important, but practicing good defense is just as crucial. As part of your daily routine, you should watch your online accounts (financial and otherwise) for signs of unauthorized activity, so if you see something suspicious, you can quickly act to stop it. You should also monitor your credit scores for sudden changes, which can indicate fraud or identity theft — you can get two of your credit scores for free with updates every 30 days on Credit.com — and your credit report will clearly show you if someone has opened accounts in your name or run up a credit card balance without your knowledge. You’re entitled to free copies of your credit report, which you can get through AnnualCreditReport.com.
More on Identity Theft:
- Identity Theft: What You Need to Know
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life