Tell HN: Dropbox e-mail database hacked (again?)
A minute ago I've received a phishing mail (screenshot http://imgur.com/lc5VxtY) on all my 8 email addresses that I had used to sign up for dropbox accounts over the years.
These are all non-guessable addresses used exclusively for dropbox.
All links in that mail point to http://lindXXXbuchleitner.com/wp-content/plugins/wps.php?c002 (XXX = sey), which presumably carries something malicious (I didn't click).
Question to HN: Who else has received this spam?
And question to Dropbox: Why was I not notified when my e-mail addresses (and what else?) were stolen from your servers?
7 comments
[ 3.6 ms ] story [ 36.8 ms ] threadThough I wonder why I start receiving spam now (almost a year later).
And I wonder how it hits all my Dropbox-accounts despite Dropbox claiming only "some" addresses were lost back then.
It doesn't quite add up to me, and I also don't like that the relevant threads on the dropbox-forum (that the various blog-posts link to) seem to be deleted.
I don't recall the reasons for all of the accounts, but I often create quick one-offs e.g. when to share photos from a mobile/tablet without linking it to my main account. Most of the accounts haven't been in use for years.
I contacted Dropbox at the time, and they confirmed it _seems_ to be related to the leak of email addresses July last year. Of course this doesn't make things less serious; they still have a leak, and our info is likely out in the wild. But at least they did notify affected users last year.