How Hackers Got Your Passwords for Snapchat and Dropbox
By James Cook
This article originally appeared in Business Insider.
On Monday an anonymous hacker claimed to be in possession of 7 million passwords to Dropbox accounts. While that claim was probably false, it demonstrates an increasingly common way that hackers gain access to your passwords.
The hacker posted around 400 usernames and passwords on anonymous note site Pastebin in a series of “teasers” for the main list. Some Reddit users were able to log in to Dropbox using the posted information before the company deactivated all of the leaked passwords.
But Dropbox was quick to cast doubt on the claims, denying that it had been hacked and claiming that many of the usernames and passwords were not even related to Dropbox accounts.
So where do the passwords come from? After all, they worked, for a time.
The most likely source of the information is a third-party site that had poor security. Hackers know that most internet users re-use their passwords, so they often target smaller apps made by amateur developers. These easy targets have poor security, so usernames, passwords or files may be stored in a way that makes them easy for hackers to steal.
The recent Snapchat hack, which saw nearly 100,000 private photos and videos posted online, happened because an amateur developer hadn’t securely set up his website. In a post on the Snapsaved Facebook page, the site’s anonymous founder explains that a misconfigured Apache server left the files vulnerable to hackers.