Security & Fraud

Dropbox Hit With False Data Breach Claims

Dropbox's False Data Breach

Reports of data breaches and cyberattacks are serious, but what happens when those claims are untrue?

According to Krebs on Security, last week, several identity theft protection companies incorrectly named Dropbox as the source of a data breach that compromised nearly 73 million usernames and passwords.

In fact, the data was actually compromised due to breach at social network Tumblr, just one of the many data breaches to hit social networks in recent months.

“The credentials leaked in connection with breaches at those social networking sites were stolen years ago, but the full extent of the intrusions only became clear recently — when several huge archives of email addresses and hashed passwords from each service were posted to the Dark Web and to file-sharing sites,” Brian Krebs wrote in the post.

LifeLock confirmed that it notified some of its members that their Dropbox credentials were detected on the internet, but Dropbox itself did not have a data breach.

“We have learned that LifeLock and are reporting that Dropbox account details of some of their customers are potentially compromised,” Patrick Heim, head of trust and security at Dropbox, told Krebs. “An initial investigation into these reports has found no evidence of Dropbox accounts being impacted. We’re continuing to look into this issue and will update our users if we find evidence that Dropbox accounts have been impacted.”

Through his investigation, Krebs tracked down the source of the false positive: identity monitoring firm CSID.

“Our mandate is to alert our client subscribers when we find their information on the Dark Web,” Bryan Hjelm, VP of product and marketing for CSID, explained to Krebs. “Regardless of the source, this is compromised data that belongs to them.”

Though Hjelm admitted there have been "reputational concerns" from Dropbox and other companies due to the misattribution of the breach, he pointed out that this was the first time an incident like this has taken place for CSID.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment