Over the weekend, while syncing a database to Dropbox, a little system-like window popped up, telling me that Dropbox needed my computer password. Never saw that message before, but okay…
Bad, bad idea. Next thing I know, my user account has been deleted (not disabled, deleted at the system level) and I’m locked out of my own machine. Time to spend the next few hours wiping the hard drive and restoring from a backup.
To be clear, there is no evidence that this was DevonThink-related, or even Dropbox-related, except that it happened while using both programs. I didn’t find anything suspicious in either the sync store or Dropbox when examined from another machine. But both the window and the timing were convincing enough to lure me in, so this is posted as a warning for others.
Yikes! Haven’t heard any other stories of this, but I will keep my eyes and ears open for any corroborating word on this.
I couldn’t find any other reports, either, just email-based phishing scams. Lucky me, I may have found a new one.
Did you happen to have a browser open in the background? Malicious sites can send popups that look legitimate. And it’s hard to tell what a “malicious site” is. Of course, it’s never a good idea to give out a password unless one has done something explicitly that would expect a password request.
I did have a browser open, and it’s easier to believe a malicious pop-up than that an attacker was able to co-opt Dropbox itself. On the other hand, having the pop-up exactly coincide with a sync operation does tend to point to a Dropbox connection. (And made the request much more believable.)