

Dropbox remains silent despite more users confirming the email address leak - lucb1e
https://forums.dropbox.com/topic.php?id=97303&page=4

======
bradleyland
You cannot prove that Dropbox is responsible for a leak using principals of
exclusion. For example, the following is not "proof" that Dropbox leaked your
email:

> I received spam at username+dropbox1acf77a@example.com, and I have only ever
> used this email at Dropbox!

The logic here is that since you only used the specially crafted email at
Dropbox, all other possible disclosure sources are excluded. Contrast this to
someone having identified a method for accessing user details through some
exploit. That would be an inclusive proof. It certainly is cause for
suspicion, but it is not proof.

Anyone who has worked in IT for any length of time will tell you that
certainty is a dangerous thing when troubleshooting. The more certain you are
of something, the less open you are to considering other possibilities.
Without fail, the occassion will arrise where that thing you thought was
_impossible_ is the thing that caused your problem.

