Dropbox hires team of outside experts to investigate spam attack

Summary:Some Dropbox users have started seeing a sudden increase in spam, even if they only use their e-mail address for the file storage service. Dropbox launched an investigation and now even hired experts to further look into the issue.

Update on July 20 - Dropbox finds no intrusions, continues spam investigation

Dropbox hires team of outside experts to investigate spam attack

Earlier this week, users in Europe started receiving spam to their e-mail addresses associated with their Dropbox account , even if they only created the account to use exclusively for the file storage service. Dropbox started investigating yesterday and now the company has announced it has hired experts to figure out if there has been a security breach. Drobpox employee "Joe G." posted the following on the Dropbox Forums:

We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We've also brought in a team of outside experts to make sure we leave no stone unturned.

While we haven't had any reports of unauthorized activity on Dropbox accounts, we've taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We'll continue to provide updates.

We also want to let you know that the dropbox.com site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party.

Although the spam is being sent to different countries in Europe, it arrives in the user's native language, suggesting this is a very coordinated attack. The spam e-mails advertise different domain names, but all of them have been created very recently, use Russian DNS servers, and are registered at Bizcn. Furthermore, all the different types of spam seems to advertise online casinos.

Here is what I wrote about what could be happening yesterday:

It's too early to say what is causing this issue. Dropbox could have been hacked, could have seen a leak, could have had its e-mail servers compromised, or there could just be malware on the users' systems. I would argue it's not the last one, and it could possibly be the first one, especially given that the company took down Dropbox between 12:00PM PST and 1:00PM PST today.

Dropbox is now saying the outage is unrelated. If you think you are affected, submit a support ticket here: dropbox.com/ticket. I will update you once I hear more from Dropbox in regards to the issue.

Update on July 20 - Dropbox finds no intrusions, continues spam investigation

See also:

Topics: Security, Data Centers


Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.