
Would be interesting to know what third party service it was and how they were able to make that link.

Also the pastebin claimed such a large amount (6,937,081) of impacted users but only showed a really small sample that started with the letter 'b'. Based on that sample they were already covering letters (bf, bg, bh). So I doubt this is anywhere near the claimed amount.

Asking for 'BTC' to leak more (who wants to pay for a public list?) is also extremely suspect.



> Would be interesting to know what third party service it was and how they were able to make that link.

Dropbox uses email address + password for authentication.

If you have a list of email addresses and passwords from accounts on some other compromised service, why not try them against Dropbox to see if any of those people have Dropbox accounts with the same password?


Why do you trust the hacker? By definition, hackers are not the trustworthy kind. He may have 7 million emails and passwords from elsewhere and make bold claims to collect bitcoins from lower ranks of hackers. I initially thought that some smartass created a bunch of accounts and posted them to collect some bitcoins from the naive. Particularly, because emails are so similar, i.e. I speculated that he did that to simulate having a 7 million users database.


It would be really interesting if a hacker found a way to harvest _new_ passwords and faked a huge data breach to get millions of people to change their passwords. Threatening fake data breaches if not paid a ransom could be the next profitable hacker market. It would probably work a few times, and certainly muddy up the waters for both organizations and people. Imagine trying to figure out how to respond when 10 major groups have a data breach per week, but 2 of those are real and the rest are fakes. Chaos and massive frustration.


Exactly my point! I've always wondered why journos give the wrong advice to people and why people stupidly trust them and not a technical authority on the subject. At the end of the day, all companies now reset passwords if necessary, so, people should wait for the companies to tell them what to do, and not some journo in the business of clickbaiting and scaremongering.


> By definition, hackers are not the trustworthy kind.

That's a pretty bold assertion to make on a site called "Hacker News"...


We use a different meaning than the widely-accepted one here. I'm talking about real hackers, not about developers who aren't satisfied being called "developers" and look for something fancier.



