Dropbox “partial leak” from Anonymous-linked group is a fake, designed to troll tech press

By on

Screen Shot 2014-01-11 at 1.47.46 pm

The Anonymous-linked hacking group 1775 Sec has now confirmed that their attack on Dropbox is a fake. While the group claims that the DDOS attack was real, the data breach claim was designed to troll the tech press.

“That was some serious Lulz. We DDoS attack DropBox! After it’s down we say data base compromise! And the media is all over it! #Lulz #fail,” the group said in a tweet. In another, “Did anyone bother to do some research. lol. We made the Internet Reporters look like fools! That is what we did in your honor Aaron Swartz.”

The “partial leak” from 1775 Sec was from another database dump of an Irish website posted on 2013.

Dropbox is still sticking to the story that the downtime was not caused by external factors, but by an internal maintenance issue. “Today’s outage was caused during internal maintenance, and was not caused by external factors. We apologize for any inconvenience,” a spokesperson said in an email.

Until proven otherwise, Dropbox’s story is the more likely out of the two – especially since 1775 Sec has lied.

As the writer of the story, I obviously fell for the trolling – and, I should add, so did an Anonymous group in Korea for repeating the story. And I apologise for any panic that you may have experienced if you read the story – which we have posted below. It goes to show you that you should have a little bit of doubt on any purported claims posted on Twitter.

When you read someone claiming to have accessed personal information – especially when you, yourself, are a user of the product – you go for the worst possible scenario that someone had accessed your data and might leak it.

ORIGINAL [2:54pm]: An Anonymous-linked hacking group has proclaimed on Twitter that they have successfully compromised Dropbox, and posted a partial leak of customers’ data on Pastebin. The attacks are part of an overall Anonymous operation in honour of Aaron Swartz and the anniversary of his death.

The group, The 1775 Sec, proclaimed on Twitter that they hacked the cloud service; and were threatening to release the data unless Dropbox fixes the vulnerability.

In a statement sent to us and posted on their Dropbox Tech blog, however, the company suggested the downtime was because of a routine maintenance issue.

“We are aware of an issue currently affecting the Dropbox site. We have identified the cause, which was the result of an issue that arose during routine internal maintenance, and are working to fix this as soon as possible. We apologize for any inconvenience,” it wrote.

The group then released a “partial leak” of data online after hearing Dropbox’s response to their attack and to claims of proof. The data, released on Pastebin, contains names and email addresses of around 130 users. However, it appears some doubt on those claims as the email addresses in the dump by 1775 Sec appear on a different email lists. According to Cyber War News, the emails appear on a list leaked from 2012.