DROPBOX HAS DENIED any wrong-doing after hackers began posting log-in data from a supposed seven million users online.
The company said that, if any leak has occurred, it came from a third-party app and if anyone does happen to be using the same password across services, it is still likely to be very out of date as the company now uses a token API rather than a text-in-the-clear system.
At present, the hackers are dripfeeding the user names and passwords they claim to have harvested into Pastebin documents and are appealing for bitcoin donations to reveal more in a way somewhat akin to a celebrity telethon.
Dropbox has responded by saying: "Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe.
"The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log-in to sites across the internet, including Dropbox.
"We have measures in place to detect suspicious log-in activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services.
"For an added layer of security, we always recommend enabling two-step verification on your account."
But contrary to this, many users of 4Chan and Reddit are saying that the passwords are valid and do work. Dropbox has since updated its statement re-emphasising that this is not the case.
Claire Galbois, director of cloud solutions at Accellion, said that this is a good example of why private clouds are a safer way of storing data than "intermingling" public ones.
"With private cloud file sharing, enterprises retain control and ownership of their data and the encryption keys to access that data," she explained.
"This means that the enterprise organisation is in control of who can access that data, including any government agency that requests information or metadata.
"Dropbox’s public cloud architecture is a large obstacle to winning enterprise deployments."
By coincidence Accellion sells private clouds, but in any case it's a view shared by others, including Edward Snowden who has once again been telling people to get off Dropbox and on to encrypted services.
The overarching advice is, if in doubt, change your Dropbox password now. Alternatively, if in no doubt, change your Dropbox password anyway.
Dropbox launched the Simple Secure initiative last month to build confidence with consumers over cloud security. µ
Someone could be in for a NASty surpise
An assault course on the senses
Boasting Bionic boosting