Dropbox outage; hackers claim credit

Update: The group originally claiming credit for the database breach has since acknowledged they had only performed a distributed denial of service attack. It seems the group simply used the maintenance-related Dropbox outage as an opportunity to troll the Internet. You win this round, @1775Sec.

Update 2: The Dropbox website is back up.

Update 3 - 1/11/14: Dropbox's status page shows that maintenance is still ongoing. Users continue to report trouble using some services.

Earlier this evening, Dropbox began experiencing service outages with hackers taking credit on Twitter a short while later. Dropbox issued a statement indicating that the outage was the result of an issue that arose from recent maintenance.

We have identified the cause, which was the result of an issue that arose during routine internal maintenance, and are working to fix this as soon as possible.

While the group of malicious hackers, @1775Sec, initially stated they would give Dropbox time to fix the issue before deciding to leak any compromised information, the group has since posted partial leak of supposed Dropbox user data on Pastebin.

The partial data set appears to contain first names, last names, email addresses, and possible ID numbers for some 100+ users. So far there are no indications that any user-stored files have been compromised, or any confirmation from Dropbox that there was a breach.

While some have interpreted Dropbox's statement to mean the downtime was a result of internal maintenance and a denial of a security breach, it's possible that whatever vulnerability may have allowed the breach was introduced or left open as a result of the recent maintenance.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

11
loading...
0
loading...
88
loading...
0
loading...

← Previously

#CESlive: Ralph Cirella of Geektime on Sirius 101

Next up →

#CESlive: Behind the scenes!

There are 14 comments. Add yours.

emjayess says:

So, should we change our passwords?!

UPDATE: Just tried to change the password: I was able to log in to Dropbox, but not my settings--kept getting an error message. This doesn't look too good given that the above "Update 2" states everything is restored. ?!

emjayess says:

Well, something is still screwy...

Nick Arnott says:

After your response I tried changing my password and got an error. After submitting the request a second time, my password was successfully updated. Perhaps some pieces of functionality are still coming back up. Again though, this all appears to be a hoax and there's no sign that users should worry about their passwords.

emjayess says:

OK, thanks, I'll leave it alone...

John20212 says:

This is the exact reason why I would never trust my files to someone else's servers.
A little maintenance issue and you are stuck without access to your files.
Hacking threat is also always present, even if that was not the case here.

Trappiste says:

Down again... log-in does not work, mobile client does not work, status page says "under maintenance" again. Has been going on for hours this morning. Oh well.

Nick Arnott says:

Thanks for the report. You're right. It looks like while they restored the main website, not all services are back up.

asuperstarr says:

I hope they get everything sorted out. I will change my password just for safe.

Sent from the iMore App

Becjr says:

And that, folks, is part of the problem... Liars. Truthfully, it is an act of evil to incite panic for such sinister amusement. I don't have/leave anything vital to myself on DropBox, so I didn't fret too much, but it makes me sad that people out there viewed this as an opportunity to "proposer" from others' potential anxiety by falsely stirring up alarm.
Sad.

I'm relieved that DropBox has everything sorted out.

applejosh says:

I understand that all systems go through downtime for maintenance, etc., and my issue is not necessarily that the system is down (although I am slightly perturbed at the whole thing). My problem is the lack of communication, both before the maintenance was performed (no advance warning?) and since the system went down (no updates since last night, etc.). Yes, we know they're undergoing maintenance, but no timeframes or hopeful point of full restoration. Despite what I've read, the system is not back to fully functional. I have read only access (some of the time), but I have no write access. This is good in that I can retrieve things I would need, but bad that I can't use the system in the way it is intended to be used.

emjayess says:

I should add it's not that big of a deal for me: I only use Dropbox when I'm forced to by an app. Mostly using iCloud and the service I've preferred over Dropbox: Box. Box gave us 50GB free storage to sign up a while back and I've never needed more.

GlennRuss says:

My 5S turned into a brick this morning. Would not reset, and every time I tried to do recovery, the MacBook Pro saw the phone, but would not reset it. Keep getting an error 40. Everything is updated in iTunes, and running 10.9 on the Pro, and 7.0.4 on the iPhone. Going for a replacement. Have no idea what happened. iPad 3, and iPad retina mini both running iOS 7.0.4, and drop box. No problems. When I charge the iPhone, it is in a surge protector. No indication of a power surge. Mystery.

zdn1042 says:

Glad to hear the outage was not really caused by hackers.
And really, 1775Sec? Need more followers or something?