Dropbox Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Dropbox Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Stuart Pryke (@SPryke2) reported 1 minute ago

  @sila_beyaz @HLearningPD There’s a Dropbox link at the back. It’ll take you to a page where you can scroll down to find the RTT book. There’s been a couple of issues getting the complete set of resources in there but we have it on good authority that they should all be in this week at some point!

• 
  John Cartwright°͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌͌ 🐈 🐈 🐈 (@bejiitas_wrath) reported 2 minutes ago

  Windows Defender, the built-in antivirus running on every Windows machine, has a working zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and confirmed working on fully updated Windows 10 and 11. A researcher who says Microsoft went back on their word just handed every attacker paying attention a privilege escalation that takes any low-privileged account straight to NT AUTHORITY\SYSTEM. On Windows Server, the result is different but still serious: a standard user ends up with elevated administrator access. The vulnerability is called BlueHammer. On April 2nd, the researcher posted the public disclosure on a personal blog, and on April 3rd, the full exploit source code went live on GitHub. Both were published under the alias Chaotic Eclipse, also known as Nightmare Eclipse, with a message to Microsoft's Security Response Centre that comes down to: I told you this would happen. In late March, the same researcher opened a blog with a single post explaining that they never wanted to come back to public research. Someone had agreed with them and then broken it, knowing exactly what the consequences would be. The post says it left the researcher without a home or anything. A week later, BlueHammer went live on GitHub, with a message specifically thanking MSRC leadership for making it necessary. That is not someone annoyed with a slow review process. That is someone with nothing left to lose. BlueHammer is not a traditional bug, and it does not need shellcode, memory corruption, or a kernel exploit to work. What it does is chain five completely legitimate Windows components together in a sequence that produces something their designers never intended. Those five components are Windows Defender, Volume Shadow Copy Service, the Cloud Files API, opportunistic locks, and Defender's internal RPC interface. One practical limitation worth knowing: the exploit needs a pending Defender signature update to be available at the time of the attack. Without one in the queue, the chain does not trigger. That makes it less reliable than a push-button exploit, but it does not make it safe to ignore. When Defender runs an antivirus definition update, part of that process involves creating a temporary Volume Shadow Copy, which is the same snapshot mechanism Windows uses for backup and restore. That shadow copy contains files that are normally completely locked during regular operation, including the SAM database, which stores the password hashes for every local account on the machine. BlueHammer registers itself as a Cloud Files sync provider, the same kind of thing that OneDrive or Dropbox uses to sync files. When Defender touches a specific file inside that folder, the exploit gets a callback and immediately places an opportunistic lock on that file. Defender stalls, blocked, waiting for a response that is never coming. The shadow copy it just created is still mounted. The window is open. With Defender frozen in place, the exploit reads the SAM, SYSTEM, and SECURITY registry hives directly from the snapshot. It decrypts the stored NTLM password hashes using the boot key pulled from the SYSTEM hive, changes a local administrator account's password, logs in with that account, copies the administrator security token, pushes it to the SYSTEM level, creates a temporary Windows service, and spawns a command prompt running as NT AUTHORITY\SYSTEM. Then, to cover its tracks, it puts the original password hash back. The local account password looks completely unchanged. No crash, no alert, nothing. The Cloud Files provider name hardcoded in the exploit source code reads IHATEMICROSOFT. The administrator password used during the escalation is hardcoded as $PWNed666!!!WDFAIL. These are not bugs left by accident. They are messages, written directly into the code, and there is only one intended reader.

• 
  “Ijebu Tax” (@OlalekanOR) reported 4 minutes ago

  @TaoFeek182 Tbh, I could not download it, the Dropbox was not working. I'd share with you once I get hold of it.

• 
  Aakash Gupta (@aakashgupta) reported 8 minutes ago

  In April 2024, Dropbox disclosed that one compromised service account had given an attacker access to every active Dropbox Sign user's email, phone number, hashed password, API keys, OAuth tokens, and MFA data. Plus the names of everyone who had ever signed a document through the platform without even making an account. Syncthing has been around since 2013 and that breach is structurally impossible against it. 82,000 GitHub stars. MPL-2.0 license. Maintained by a Swedish non-profit foundation. Written in Go. The architecture is the whole product. Every device gets a cryptographic certificate. Traffic is TLS-encrypted end to end. Files move directly between machines you own through the Block Exchange Protocol. No central server gets compromised because no central server exists. Turn off the optional discovery and relay services and Syncthing has zero connection to anyone else's infrastructure. The reason cloud sync keeps producing breaches like the one above is structural. Centralized storage requires a single high-value target. The property that lets you log into Dropbox from a hotel computer is the same property that exposed every user when one service account fell. The convenience and the vulnerability are the same feature. Syncthing trades that property away. The cost is real. Both devices need to be online for sync to happen. There's no web UI you can hit from a borrowed laptop. No shareable link to text a friend. For most people that's a dealbreaker, which is why most people have never heard of Syncthing despite 13 years of open development. For files you actually care about, understand what the $120/year subscription is paying for. Storage at scale is close to free. The price covers an account, a server, a database, and a team that has to keep all three secure forever. The same surface area that made the 2024 breach possible. Dropbox can read your files. So can Google. So can Apple. Their architecture requires it. Syncthing literally cannot. Its architecture forbids it.

• 
  Andreas (@abrkn) reported 11 minutes ago

  @Dropbox Dropbox paper logs me out every single day starting a few weeks ago. Login method is passkey. Please fix

• 
  Incognito ergo sum ⚔️ (@brennschlus) reported 11 minutes ago

  @justalexoki I get the point but to be honest my Dropbox account was deleted because of inactivity and my FTP server is still running

• 
  Some UK Tesla Guy (@SomeUKTeslaGuy) reported 15 minutes ago

  Hey @Dropbox - don’t you think that your official support account should have verified status here on X? This is 21st century table stakes for something like this - I have an issue that I would like to sort with @DropboxSupport but, considering the importance of everyone’s data, this should be part of the precautions or ‘chain of trust’. Please get this sorted - I’ve been waiting 40 minutes and counting for a chat agent on the website too! 😤

• 
  Michael Hartl (@mhartl) reported 17 minutes ago

  For the billionth time @Apple is failing to properly sync my files across devices. It’s hard to believe iCloud is still so incompetent after so many years. I’m sure it’s not a trivial problem, but @Dropbox gets it right every single time. Surely isn’t too hard for Apple?

• 
  That Startup (@ThatStartup_) reported 19 minutes ago

  Dropbox grew from 100K to 4M users in 15 months. They spent $0 on paid ads to do it. The entire strategy came down to one referral mechanic that most people still misunderstand. #growth

• 
  DickeyThump (@dickeythump) reported 22 minutes ago

  @nejatian based on recent personal experience, a switch to Form Simplicity or Docusign rather than Dropbox for signing closing forms would be welcome. Dropbox has terrible mobile interface when signing digitally. @Opendoor $open

• 
  Sam :) (@SamB_46) reported 26 minutes ago

  $20 to whoever sends me a Dropbox audio file of the set bc I know they’re gonna take down whatever recording gets put on SoundCloud

• 
  ᴾᵒᵗ ᵒᶠ ˢⁿᵉᵉᵈ (@P0tofSn33d) reported 26 minutes ago

  @Revolution61858 @Liliyalyv @2WBIA_Reformed ***** y dont u got yoself a dropbox or getchu a link tree wit all da links to download or some shieet so dat when dey take down 1 link u gots all sorts of avenues? Hustler Mindset *****.

• 
  Zach Roseman (@zachrose51) reported 26 minutes ago

  @SamMillerWright Alright - found some of your customers: Goldman Sachs, Spotify, Chase, Twitter, Dropbox, Google, Microsoft, IBM, Uber, Salesforce and Apple. Sound right? Going to use these to track down real prospects at your dream customers and map intro paths to them

• 
  Saul (@SaulSellsStuff) reported 29 minutes ago

  I solved a huge marketing and social pain point with AI. The team connects their Google Drive and Dropbox. Claude then recreates a much lighter thumbnail for speed of loads. Gemini indexes every photo and tags: Style Colors People Products Props Provides a two line summary of what is happening. The photos get bucketed. This runs every 4 hours for new photos added. Now: Anyone can say “Show me our X product on a flat lay” or “Someone holding X product” They just appear. Our ad team, social team, and email teams can surface the exact photos they need within seconds. No more file structure issues. Weird names. Losing huge photo sets. Having to remember anything. I’m using Gemini 2.0-Flash. Costs you a couple dollars for 10,000 photos.

• 
  Raziel (@tryraziel) reported 29 minutes ago

  Drew Houston was a college kid who kept forgetting his USB drive. Today Dropbox is worth $8B. Here's the brilliant strategy behind one of the most successful pivots in startup history. In 2007, Houston built a personal tool to sync files between computers. Simple problem, simple solution. But investors weren't buying it. Every VC said the same thing: "There are already 20 file storage companies. What makes you different?" Houston's breakthrough wasn't technical — it was psychological. Instead of building better storage, he realized people didn't want to think about storage at all. The magic wasn't in the cloud. It was in making the cloud invisible. The pivot: → Original idea: Online backup service (like everyone else) → New idea: Your files, everywhere, automatically → Key insight: Sync, don't store Houston spent months perfecting the demo video. No fancy features. Just a file appearing on multiple computers simultaneously. It looked like magic because it solved the real problem: friction. That video got 75,000 signups overnight. The lesson: Sometimes the billion-dollar idea isn't what you build — it's how you frame what already exists. Houston didn't invent cloud storage. He invented the feeling that your files just worked everywhere. What "obvious" problem in your daily life could be the next Dropbox?