Dropbox Hack A Hoax
The two groups both claimed that they compromised the Dropbox website Friday evening and accessed the site’s database, but shortly thereafter Wesley McGrew of McGrew Security noted in a tweet that the emails in the supposed database leak matched something that’s been posted on Pastebin for over a month.
In short order, The 1775 Sec was tweeting that they didn’t hack the user database but instead hit Dropbox with an effective DDoS attack, and then took the tack that they did it in honor of activist Aaron Swartz. (And also for the lulz.)
Dropbox has strongly denied that it was the victim of a hack and posted a blog stating that the outage happening during routine maintenance. “This was caused during routine internal maintenance, and was not caused by external factors. We are working to fix this as soon as possible. We apologize for the inconvenience,” reads the post in part.
However, Dropbox may not be entirely forthcoming about the truth; it’s clear that the database was not hacked, but saying that “external factors” were not at play discounts the claim that there was a DDoS attack. A DDoS attack is a far cry from a hack, but it still counts as an attack of sorts. However, the effectiveness of the DDoS effort were Dropbox not in the middle of maintenance is up for debate.
The 1775 Sec doesn’t come out looking so hot, itself. It seems as though the group was perhaps looking for some notoriety and made a bold claim that was quickly debunked, and then it pivoted and said the whole thing was intended to troll the media. But it also--inadvertently or not--also trolled Anonymous, and did so in the name of anti-hero Aaron Swartz, which probably wasn’t a great idea. There may be some backlash coming there.