Dropbox explanation was that a routine server upgrade was triggered by mistake and it caused the service to come down.
Then out of the blue, Anonymous claimed that 1775sec group has hacked dropbox and email accounts were stolen:
Dropbox denied this and said that the mistake was in their side, and not because they got hacked:
Additionally, a security researcher, Wesley McGrew, stated that the leaked list of email addresses was an old stolen list, found elsewhere on the web:
Up to now, all seems in order.
- Dropbox couldn’t be accessed
- 1775sec claimed credit having hacked dropbox and released a list of email addresses on pastebin.com list of email addresses
- Dropbox strongly denies that they have been hacked
- Security expert, Wesley Mcgrew, points out that it’s an hoax and the list was stolen from a previously released list
I use a method to avoid spam, where using one of my domains, I set a different email address for each website a sign up to.
In this case, for dropbox, I use something around firstname.lastname@example.org (I will create another blog article about how I do this…)
Using this method, whenever I get an email, I know the origin of it.
Just a few days after the alleged issues with dropbox, I started getting spam emails.
To which account? to the my specific Dropbox email account: email@example.com
Up to now, I have received 3 spam emails.
I've emailed Dropbox, to hear their response and this is what they replied:
Their email refers to a list of Dropbox stolen users and passwords that happened on July 2012.Hi Andy,Thanks for sending in your report. We take spam reports seriously. Back in July 2012 we reported that certain user email addresses had leaked and some users had received spam as a result.At this time, we have not seen anything to suggest this is a new issue, but remain vigilant.Please let me know if there is anything else I can do for you.Best,
Pay attention, that on their blog, they mention that they contacted the owners of the leaked emails. I've never received any message about this...
Another theory I came up with, is that I might have shared a Dropbox folder, something a rarely do, and I haven't done for a very long time (a few years...?), and the person I shared it with, got hacked and my email stolen.
Was it a coincidence that I started to received spam emails just after their downtime? Bad luck? or something here is more suspicious and Dropbox is trying to hide it?
Personally, I don’t believe in coincidences like this, but I suppose we will never know what really happened and I’ll leave it to you to take your own conclusions.