Popular cloud storage service Dropbox went down Friday night for at least two hours due to what the company claims was an issue pertaining to internal maintenance, though one hacker group alleges to have caused the outage with a DDoS attack.
Shortly after users reported the outage at around 6 p.m. PST, a hacker group identifying themselves as The 1775 Sec tweeted that it had successfully compromised the Dropbox database. The post also linked to a supposed cache of user data uploaded to website Pastebin.com.
During the downtime, Dropbox users attempting to access the service through its web portal were automatically directed to a system status page displaying the image above. As of this writing, the webpage has been changed to reflect that "Dropbox is under maintenance" and attempts to log in are met with an Error (500) message.
When contacted by multiple media outlets, Dropbox maintained the leaked data claim was a hoax, a fact later confirmed by subsequent tweets from The 1775 Sec. The supposed hacker group later said it had used bots to carry out a distributed denial of service attack in honor of Internet prodigy and political activist Aaron Swartz, who committed suicide on Jan. 11, 2013.
At the time of his death, Swartz was facing charges for allegedly stealing over 1,000 academic journals from JSTOR through a Massachusetts Institute of Technology network. He supposedly planned to make the documents freely available to the public.
Dropbox site is back up! Claims of leaked user info are a hoax. The outage was caused during internal maintenance. Thanks for your patience!
— Dropbox (@Dropbox) January 11, 2014
In an update to Dropbox's tech blog a around 8:30 p.m., the company announced the service was back online and once again refuted claims of leaked user data. An identical message was posted to Twitter at around the same time.
32 Comments
DDoS isn't a breach, it's just an automated flood of requests designed to overload a site. No data will have been taken. No proficient hacking team use DDoS attacks, these are just used by script kiddies who think it makes them hackers.
Duplicate post.
Duplicate post.
DDoS post ?
It may be a coincidence but yesterday at about the time of the takedown Dropbox on my Mac asked for authorization to change permissions on my home folder. I said no (hell no) but it resulted in my whole home directory being taken offline (I have it on a separate hdd from the system which is on ssd). I had to go through the zap PRAM, nvram, fsck, repair disk, repair permissions, re-bless partition dance to get it back up and running. Not sure if someone was trying to gain root permissions through Dropbox or if the outage just gave the machine vertigo. Glad I said no though. Also, glad I don't store sensitive material in the cloud.
Of course it wasn't hacked. That would be lame, already happened 3 times or so, not very original to do anymore http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/