Dropbox Denies hacker breach responsible for hours long outage

Posted:
in General Discussion edited January 2014
Popular cloud storage service Dropbox went down Friday night for at least two hours due to what the company claims was an issue pertaining to internal maintenance, though one hacker group alleges to have caused the outage with a DDoS attack.

Dropbox


Shortly after users reported the outage at around 6 p.m. PST, a hacker group identifying themselves as The 1775 Sec tweeted that it had successfully compromised the Dropbox database. The post also linked to a supposed cache of user data uploaded to website Pastebin.com.

During the downtime, Dropbox users attempting to access the service through its web portal were automatically directed to a system status page displaying the image above. As of this writing, the webpage has been changed to reflect that "Dropbox is under maintenance" and attempts to log in are met with an Error (500) message.

When contacted by multiple media outlets, Dropbox maintained the leaked data claim was a hoax, a fact later confirmed by subsequent tweets from The 1775 Sec. The supposed hacker group later said it had used bots to carry out a distributed denial of service attack in honor of Internet prodigy and political activist Aaron Swartz, who committed suicide on Jan. 11, 2013.

At the time of his death, Swartz was facing charges for allegedly stealing over 1,000 academic journals from JSTOR through a Massachusetts Institute of Technology network. He supposedly planned to make the documents freely available to the public.

Dropbox site is back up! Claims of leaked user info are a hoax. The outage was caused during internal maintenance. Thanks for your patience!

-- Dropbox (@Dropbox)


In an update to Dropbox's tech blog a around 8:30 p.m., the company announced the service was back online and once again refuted claims of leaked user data. An identical message was posted to Twitter at around the same time.
«1

Comments

  • Reply 1 of 32
    evilutionevilution Posts: 1,399member
    DDoS isn't a breach, it's just an automated flood of requests designed to overload a site.
    No data will have been taken. No proficient hacking team use DDoS attacks, these are just used by script kiddies who think it makes them hackers.
  • Reply 2 of 32
    evilutionevilution Posts: 1,399member
    Duplicate post.
  • Reply 3 of 32
    Quote:
    Originally Posted by Evilution View Post



    Duplicate post.

     

    DDoS post ? :D 

  • Reply 4 of 32
    It may be a coincidence but yesterday at about the time of the takedown Dropbox on my Mac asked for authorization to change permissions on my home folder. I said no (hell no) but it resulted in my whole home directory being taken offline (I have it on a separate hdd from the system which is on ssd). I had to go through the zap PRAM, nvram, fsck, repair disk, repair permissions, re-bless partition dance to get it back up and running.

    Not sure if someone was trying to gain root permissions through Dropbox or if the outage just gave the machine vertigo. Glad I said no though. Also, glad I don't store sensitive material in the cloud.
  • Reply 5 of 32
    Of course it wasn't hacked. That would be lame, already happened 3 times or so, not very original to do anymore
    http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/
  • Reply 6 of 32

    My dropbox a/c is still off-line, some 16 hours since the 1st outage. Removed cookies, restarted computer, but sign-in only leads to the Error 500 screen. Sigh  :(



    This doesn't seem like a "maintenance issue".

  • Reply 7 of 32
    lkrupplkrupp Posts: 10,557member

    At what point do all of these constant breaches of security begin to sour the public on online commerce? Local TV interviews over the Target data breach has made more than a few customers pledge to use cash only from now on. I my own case the majority of my financial business is done online, such as direct deposit of my retirement income, automatic payment of bills (utilities, credit cards, etc.) and I am reconsidering the use of online payments systems. It’s probably safer to just send a check in the mail. 

  • Reply 8 of 32
    poochpooch Posts: 768member
    they also denied a breach over a year ago when the email addresses and who knows what else of their customers were stolen. denial does not make it not happen.
  • Reply 9 of 32
    Quote:

    Originally Posted by lkrupp View Post

     

    At what point do all of these constant breaches of security begin to sour the public on online commerce? Local TV interviews over the Target data breach has made more than a few customers pledge to use cash only from now on. I my own case the majority of my financial business is done online, such as direct deposit of my retirement income, automatic payment of bills (utilities, credit cards, etc.) and I am reconsidering the use of online payments systems. It’s probably safer to just send a check in the mail. 


    Yes ... the mail is reliable and nothing ever gets stolen in the mail.

  • Reply 10 of 32
    lkrupplkrupp Posts: 10,557member
    Quote:
    Originally Posted by joelsalt View Post

     

    Yes ... the mail is reliable and nothing ever gets stolen in the mail.


     

    Talking about what’s safer, not what’s safe. Nothing is safe but at this point it looks like traditional postal mail is a lot safer than online transactions. 

  • Reply 11 of 32
    Originally Posted by joelsalt View Post

    Yes ... the mail is reliable and nothing ever gets stolen in the mail.

     

    What sort of nonsense is this?



    In the mall I can put a bullet in the stomach of the person trying to rob me.

     

    Which way should I point my gun to stop my information being stolen from someone else’s servers?

  • Reply 12 of 32
    Quote:
    Originally Posted by lkrupp View Post

     

     

    What an asinine response, jackass....


    Jackass?

  • Reply 13 of 32
    Quote:

    Originally Posted by Tallest Skil View Post

     



    ....In the mall I can put a bullet in the stomach of the person trying to rob me.

     

    Which way should I point my gun to stop my information being stolen from someone else’s servers?


    This explains a lot!

  • Reply 14 of 32
    crowleycrowley Posts: 10,453member
    Inability to read before declaring something as nonsense for one.
  • Reply 15 of 32
    gatorguygatorguy Posts: 24,176member
    The indications are that it was a simple DDoS attack and no data taken. That according to the supposed hackers. But they did find seeding the misinformation funny apparently.
  • Reply 16 of 32
    bighypebighype Posts: 148member

    Dropbox = Crapbox.

     

    They were caught lying few times in the past. I wouldn't trust anything these guys say.

  • Reply 17 of 32
    @robogobo

    "Also, glad I don't store sensitive material in the cloud."

    Funny, at no point in this was I ever concerned. I just encrypt everything before it goes up into the cloud using nCrypted Cloud. Whether it's Dropbox or any cloud storage provider being hacked, I'm not worried ^^
  • Reply 18 of 32
    lkrupp wrote: »
    What an asinine response, jackass. Talking about what’s safer, not what’s safe. Nothing is safe but at this point it looks like traditional postal mail is a lot safer than online transactions. 

    Wow krupp you really are a charmer aren't you? Calling someone a jackass kind of shows maybe your are instead
  • Reply 19 of 32
    solipsismxsolipsismx Posts: 19,566member
    robogobo wrote: »
    Also, glad I don't store sensitive material in the cloud.

    Nothing? Are you sure about that?
  • Reply 20 of 32
    lkrupplkrupp Posts: 10,557member
    Quote:

    Originally Posted by MightyApple View Post





    Wow krupp you really are a charmer aren't you? Calling someone a jackass kind of shows maybe your are instead

     

    Another zero day troll joins the forum? I guess we’ll find out real soon.

Sign In or Register to comment.