

Tell HN: Dropbox e-mail database hacked (again?) - moe

A minute ago I received a phishing mail (screenshot http://imgur.com/lc5VxtY) on all my 8 email addresses that I had used to sign up for Dropbox accounts over the years.

These are all non-guessable addresses used exclusively for Dropbox.

All links in that mail point to http://lindXXXbuchleitner.com/wp-content/plugins/wps.php?c002 (XXX = sey), which presumably carries something malicious (I didn't click).

Question to HN: Who else has received this spam?

And question to Dropbox: Why was I not notified when my e-mail addresses (and what else?) were stolen from your servers?
======
guiambros
There was an entire thread a few weeks ago:
<https://news.ycombinator.com/item?id=5300492>

I contacted Dropbox at the time, and they confirmed it _seems_ to be related
to the leak of email addresses July last year. Of course this doesn't make
things less serious; they still have a leak, and our info is likely out in the
wild. But at least they did notify affected users last year.

    
    
      > Sean, Mar 13 02:19 pm (PDT): 
      > Hi,
      > Sorry for not responding earlier, and thanks for the report. We're still
      > looking into the spam, and so far it looks like it's tied to the leak of
      > email addresses from Dropbox back in July.
      > 
      > You can read more about it here:
      > https://blog.dropbox.com/2012/07/security-update-new-features/
      > If you have any questions, please let me know.
      > 
      > Best,
      > Sean

------
moe
Okay, after some research this _might_ be aftermath from a breach that
happened last year:
<http://arstechnica.com/security/2012/07/dropbox-hires-outside-experts-to-investigate-possible-e-mail-breach/>

Though I wonder why I start receiving spam now (almost a year later).

And I wonder how it hits _all_ my Dropbox-accounts despite Dropbox claiming
only "some" addresses were lost back then.

It doesn't quite add up to me, and I also don't like that the relevant threads
on the dropbox-forum (that the various blog-posts link to) seem to be deleted.

------
sp332
That link redirects to
hxxp://3rgjrihoqwd.dns04.com/closest/98y7y432ufh49gj23sldkkqowpsskfnv.php
DNS04 is a dynamic IP address service. That address loads an obfuscated web
page with a java (or flash?) widget. Then it redirects to hxxp://doctormusi.ru
which tries to sell me Viagra.

------
460200
Thank you for updating that this issue is still occurring with Dropbox e-mails.
Has Dropbox officially responded to this incident? It seems as if this problem
has been mentioned here and in some other outlets for about a month or so
(emerged some time around mid-Feb. 2013?).

------
bonzoq
Why would anyone use eight different emails to (presumably) eight different
accounts?

~~~
moe
I use a dedicated e-mail for every account I create anywhere
(servicename-foo@domain.com).

I don't recall the reasons for all of the accounts, but I often create quick
one-offs, e.g. to share photos from a mobile/tablet without linking it to
my main account. Most of the accounts haven't been in use for years.

