For many organizations that have endured security breaches within the past year, the standard PR approach has been to admit that a breach occurred, apologize, and try to make it up to customers.
But what if it wasn’t the organization’s fault, and the leaked information wasn’t all that dangerous?
That’s the argument cloud storage service Dropbox made after dozens of outlets reported on a Reddit post in which a hacker claimed to have obtained 7 million usernames and passwords. As proof, the hacker posted a list of several hundred usernames and passwords.
In a blog post titled simply “Dropbox wasn’t hacked,” the company’s security head, Anton Mityagin, pushed back against the reports: