Dropbox’s website appeared offline late Friday night, with the company releasing a statement saying the issue occurred during “routine internal maintenance.” Just moments before the outage, though, the hacker group The 1775 Sec took to Twitter to state that they were responsible for downing the Dropbox website, and that they did so in in honor of late programmer and activist Aaron Swartz on the eve of the one-year anniversary of his death. The news followed reports that a Massachusetts Institute of Technology subdomain had also been taken down by hackers in honor of the late programmer.
“BREAKING NEWS: We have just compromised the @Dropbox Websitehttp://t.co/HqnsZOLSXR #hacked #compromised”
— The 1775 Sec (@1775Sec) January 11, 2014
Anonymous followed the tweet up minutes later, echoing the original statement. The 1775 Sec followed their original tweet up by stating that they were giving Dropbox time to resolve vulnerabilities with their website, threatening a database leak if the issue isn’t resolved.
Indeed, the site was unavailable at the time of this article’s original publication, displaying a message that it was “experiencing issues.” In a statement sent to The Verge and other media outlets, Dropbox said the issue came from within the company. But when asked directly about the possibility of an outside meddling , Dropbox did not confirm or deny the possibility, instead responding with the same statement as follows:
We have identified the cause, which was the result of an issue that arose during routine internal maintenance, and are working to fix this as soon as possible… We apologize for any inconvenience.
Another Twitter account claiming to be affiliated with the Anonymous hacktivist movement posted what it said was leaked information of Dropbox users, but several security researchers pointed out that the information contained in the purported leak matched other, unrelated security breaches. After the leak, the 1775 Sec Twitter account claimed the information was a deliberate hoax, saying it only launched a distributed denial-of-service attack (DDoS) on Dropbox, and had not breached Dropbox security, nor compromised any Dropbox user data:
“We are literally choking on laughter! We DDoS attacked #DropBox. Claiming its a data breach! This is so ducking funny?”
— The 1775 Sec (@1775Sec) January 11, 2014
We are on the lookout for more info on this breach and we will update you when we learn more