A hacker claimed to have stolen 7 million Dropbox accounts yesterday, but I have doubts about his story.
OK, so bear with me with this one. Say you're a hacker, right? You read the news, you know the stories and you might even stumble across Kim Komando's blog once in a while. So the first thing you're going to notice is that massive hacks get attention.
Here's the problem with pulling off a massive hack of your own: You're not very good at this whole hacking thing. Your finger is on the pulse of hacker news, though, so you also know that people's trust in the cybersecurity industry is at an all-time low.
The first thing that you have to pick is a target. The hacker in this story picked Dropbox, and posted a few hundred username/password combinations on an online discussion board before promising 7 million more if people donated untraceable bitcoins to him.
If a real hacker had stolen 7 million Dropbox accounts, then you can rest assured that they'd be on shadowy underground marketplaces within an hour or so. He or she could make much more money by posting the information where more people would buy it.
This hacker might very well have stolen Dropbox information, but I'm inclined to believe Dropbox's claim that the site wasn't, in fact, hacked.
Now, I'm not saying that you shouldn't be concerned, but I've checked into this thoroughly and Dropbox is already claiming on its blog that it was never hacked. In fact, the company says that the username/password combinations that the hacker found were all from old methods of signing in to Dropbox.
The "7 million" number is big enough to hit headlines and could make this hacker some serious cash. So in this case, the idea of the hack could be more profitable to an unskilled hacker than the hack itself.
Whether a hacker stole Dropbox accounts or not, you can easily do one important thing to keep your Dropbox account safe from any potential attackers. Enabling two-step verification can keep you safe in the cloud. I explain how to do it in this tip.
Why does two-step verification keep you safe? Well, the hacker could have potentially found another hacker's information dump for a site that users might have used to log in to Dropbox. With two-step verification, someone trying to breach your account would have to know another secret code to get in.
This secret code wouldn't be available through whatever information the hacker had stolen, so their chances of getting into your account would be much lower.