Dropbox is down
dropbox.com
Apparently the website has been compromised: https://twitter.com/1775Sec/status/421820685766250496
The hackers are also threatening a database leak: https://twitter.com/1775Sec/status/421822727331131392
EDIT: Dropbox's statement is that it's maintainance issues: https://tech.dropbox.com/2014/01/dropbox-status-update/
EDIT2: There is a high probability that the Twitter account is faking the hack, due to the "proof" of the hack being taken from an old dump.
EDIT3: The account admits they did not hack Dropbox, just DDOSed it. https://twitter.com/1775Sec/status/421848589480910848
For everyone linking to a certain Twitter account saying that Dropbox is compromised:
The Twitter account is lying. This is almost always the case (especially when there is some sort of Anonymous affiliation). Anyone can make a Pastebin of fake emails.
(If Dropbox actually gets hacked, it's more likely to be by a state-sponsored organization, and definitely not by someone who is going to brag about it on Twitter)
Probably just maintenance issues https://twitter.com/alicetruong/status/421834839721922560
...which isn't to say that decentralized services are mandatory for the continued health of humanity, but...
Either hackers took it down and Dropbox is lying on their status page, or Dropbox did routine maintenance and Anonymous is taking false credit.
Unfortunately, I find option #1 to be more likely.
@1775Sec You only DDoS attacked them! You didn't breach the database! Why say otherwise!"
@YourAnonPriest don't ruin the suspense brother! lol it was a pretty massive DDoS too! We used all of our bots on it!
Dropbox Status Update: https://tech.dropbox.com/2014/01/dropbox-status-update/
Use IP http://108.160.166.62 Seems DNS problem.
Update: Dropbox app seems working well after adding this like to /etc/hosts
108.160.165.62 dropbox.com
If indeed the twitter spewings are correct and they've gained access to the database, I suppose now is the time to see how Dropbox secures passwords and user details.
Its important to note this is not merely their website. All data between dropbox folders/clients is not being synced.
Just as a random update, I've been monitoring this thread & twitter etc since the beginning and it appears that dropbox is sort of working now just on extreme delay. I have auto upload on my phone and it took about 14 minutes for the picture I took to get synchronized with my desktop (normally its almost instant).
They're stating they have a partial DB leak. https://twitter.com/1775Sec/status/421842856748126208
I am sure the people who did this must be "very proud" of themselves but there can be no justification for hacking something as innocuous as Dropbox.
This is stupid. Leaking the database will compromise users, which may hurt the company a bit, but will hurt the common person more. Its a pointless hack that won't accomplish much more than just reporting the bug would.
I've made this so you can be notified by SMS when the dropbox API is working again: http://isdropboxback.slipszenko.net/
It's a compromise: https://twitter.com/1775Sec/status/421842856748126208
I think I have proof that it was compromised, and it's not just maintenance. Has this been confirmed?
I'm thinking of writing a blog about it?
I love Dropbox, but a distributed solution like BT Sync or AeroFS is looking more attractive.
It was only a matter of time. So many people use DB. Still, I'll keep supporting them.
It's just a DDoS Attack according to them
Seems working now.
:(
<tinfoil>Surely the NSA has nothing to do with this... </tinfoil>
It's unbelievable to realize that the Yahoo or Google never experienced such accident. This is not the time for maintenance. Failover is the key, production should have hardware load balancing to switch to, right? Actually the front end should not be affected with the backend, unless the entire website is compromised.