Dropbox finds no intrusions, continues spam investigation

After some Dropbox users started seeing a sudden increase in spam, even if they only use their e-mail address for the file storage service, Dropbox launched an investigation and even hired experts to further look into the issue. The company has posted an update on its findings so far: zip, zero, zilch.

Dropbox finds no intrusions, continues spam attack investigation

Earlier this week, users in Europe started receiving spam to their e-mail addresses associated with their Dropbox account , even if they only created the account to use exclusively for the file storage service. Dropbox started investigating and even hired experts to figure out if there has been a security breach . Disappointingly, or reassuringly, depending on your point of view, this third-party group found nothing.

Drobpox employee "Graham A." posted the following updated today on the Dropbox Forums:

We wanted to give everyone another update on our investigation into the reports of spam.

  • As of today, we've found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
  • We've reached out to users who've reported receiving spam messages and are closely investigating those reports.
  • Security is our top priority and we'll let you know if we uncover evidence that these email addresses came from Dropbox.

Thanks for your patience. Investigations like this can take time and we're working hard to get to the bottom of this.

Although the spam is being sent to different countries in Europe, it arrives in the user's native language, suggesting this is a very coordinated attack. The spam e-mails advertise different domain names, but all of them have been created very recently, use Russian DNS servers, and are registered at Bizcn. Furthermore, all the different types of spam seems to advertise online casinos.

I speculated earlier that Dropbox could have been hacked, could have seen a leak, could have had its e-mail servers compromised, or there could just be malware on the users' systems. The company took down Dropbox between 12:35 to 12:55 PDT on Monday but an employee said the outage was unrelated.

If you think you are affected, submit a support ticket here: dropbox.com/ticket. I will update you again if Dropbox says anything else regarding the issue.

See also:

Show Comments