Update on our database

Short version

On January 6th, 2017, our entire database was maliciously deleted.

This means that you'll have to sign up again. If you need your previous email address restored, after you sign up, send an email to restore@sendtodropbox.info with the email address associated with your Dropbox account and your desired sendtodropbox.com email address, and we'll restore it in a timely manner.

Long version

Our database fell victim to an attack that swept the entire internet, taking down over 20,000 databases across the net.

Send to Dropbox's database was properly secured with a username and password; however, due to insecure default settings present on older versions of MongoDB, there existed a default administrator user with no password set. I was unaware of this, and it left a hole open for an attacker to delete our database. You can read more general details about the attack here. After taking an extensive look at our logs, we learned that our database was in fact not copied or taken hostage, but deleted entirely. This is an important distinction because it means that there's not a copy of our database floating around the internet somewhere.

Unsure how to proceed with this service that had 250,000 users but a database that had just been deleted, I initially planned on issuing refunds to paying subscribers and shutting down completely. However, after receiving a deluge of emails from users pleading with me to keep the service running, I decided to move to a managed database and reopen the service.

Send to Dropbox now runs on MongoDB Cloud Atlas managed database hosting. Every security recommendation has been followed to secure this database and hourly backups have been enabled. The type of attack used to take down our old database will not happen again.

Ultimately, I want to apologize to the users of Send to Dropbox for this inconvenience. While I believe MongoDB shares some blame for the 20,000+ databases that were compromised for shipping a product with insecure default settings, ultimately it's my responsibility to build a secure application, and I failed to do that, and for that I am sorry. I appreciate the patience and understanding of our users and hope to get everyone restored as quickly as possible.