Earlier this week,, even if they only created the account to use exclusively for the file storage service. Dropbox started investigating and even . Disappointingly, or reassuringly, depending on your point of view, this third-party group found nothing.
Drobpox employee "Graham A." posted the following updated today on the Dropbox Forums:
We wanted to give everyone another update on our investigation into the reports of spam.
- As of today, we've found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
- We've reached out to users who've reported receiving spam messages and are closely investigating those reports.
- Security is our top priority and we'll let you know if we uncover evidence that these email addresses came from Dropbox.
Thanks for your patience. Investigations like this can take time and we're working hard to get to the bottom of this.
Although the spam is being sent to different countries in Europe, it arrives in the user's native language, suggesting this is a very coordinated attack. The spam e-mails advertise different domain names, but all of them have been created very recently, use Russian DNS servers, and are registered at Bizcn. Furthermore, all the different types of spam seems to advertise online casinos.
I speculated earlier that Dropbox could have been hacked, could have seen a leak, could have had its e-mail servers compromised, or there could just be malware on the users' systems. The company took down Dropbox between 12:35 to 12:55 PDT on Monday but an employee said the outage was unrelated.
If you think you are affected, submit a support ticket here: dropbox.com/ticket. I will update you again if Dropbox says anything else regarding the issue.