Monday, June 30, 2014

Suspicion: Dropbox was hacked on Jan 2014

Most probably, some of you have heard that Dropbox became unavailable a few weeks ago.
Dropbox explanation was that a routine server upgrade was triggered by mistake and it caused the service to come down.
Then out of the blue, Anonymous claimed that 1775sec group has hacked dropbox and email accounts were stolen:
Dropbox denied this and said that the mistake was in their side, and not because they got hacked:

Additionally, a security researcher, Wesley McGrew, stated that the leaked list of email addresses was an old stolen list, found elsewhere on the web:
Up to now, all seems in order.
  1. Dropbox couldn’t be accessed
  2. 1775sec claimed credit having hacked dropbox and released a list of email addresses on list of email addresses
  3. Dropbox strongly denies that they have been hacked
  4. Security expert, Wesley Mcgrew, points out that it’s an hoax and the list was stolen from a previously released list
Now, you might ask why do you think I have strong suspicion that dropbox was hacked?
I use a method to avoid spam, where using one of my domains, I set a different email address for each website a sign up to.
In this case, for dropbox, I use something around (I will create another blog article about how I do this…)
Using this method, whenever I get an email, I know the origin of it.
Just a few days after the alleged issues with dropbox, I started getting spam emails.
To which account? to the my specific Dropbox email account:

Up to now, I have received 3 spam emails.
I've emailed Dropbox, to hear their response and this is what they replied:
Hi Andy,
Thanks for sending in your report. We take spam reports seriously. Back in July 2012 we reported that certain user email addresses had leaked and some users had received spam as a result.
At this time, we have not seen anything to suggest this is a new issue, but remain vigilant.
Please let me know if there is anything else I can do for you.
Their email refers to a list of Dropbox stolen users and passwords that happened on July 2012.
Pay attention, that on their blog, they mention that they contacted the owners of the leaked emails. I've never received any message about this...
Another theory I came up with, is that I might have shared a Dropbox folder, something a rarely do, and I haven't done for a very long time (a few years...?), and the person I shared it with, got hacked and my email stolen.
Was it a coincidence that I started to received spam emails just after their downtime? Bad luck? or something here is more suspicious and Dropbox is trying to hide it?
Personally, I don’t believe in coincidences like this, but I suppose we will never know what really happened and I’ll leave it to you to take your own conclusions.

Moving to Blogger!

Tired of needing to maintain my Drupal blog and fighting spam, I've resorted to move to Blogger.
It's way too much overhead for me to have my own (EC2) hosting for such a simple blog.