The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised on Tuesday. He then requested Bitcoins in payment before he would allow access to more accounts.
In a statement to The Next Web Dropbox said the service had not been hacked and these passwords were expired.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
At the time of writing, when entering the leaked usernames and passwords into Dropbox, the service prompts the user to reset your password by sending an email to the registered address. Some reddit commenters claimed they could access the accounts shortly after the leaks, yet this has not been verified.
The latest attack follows the celebrity nude photo scandal in August, where dozens of A-List Hollywood stars had their iCloud accounts hacked and private photographs leaked online by an unidentified hacker.
To protect yourself from hackers getting to your personal information, it is advised you set up two-step verification on your Dropbox account, and all other accounts that have the option for that matter.