Update on July 20 -
Earlier this week, Dropbox Forums:, even if they only created the account to use exclusively for the file storage service. Dropbox started investigating yesterday and now the company has announced it has hired experts to figure out if there has been a security breach. Drobpox employee "Joe G." posted the following on the
We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We've also brought in a team of outside experts to make sure we leave no stone unturned.
While we haven't had any reports of unauthorized activity on Dropbox accounts, we've taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We'll continue to provide updates.
We also want to let you know that the dropbox.com site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party.
Although the spam is being sent to different countries in Europe, it arrives in the user's native language, suggesting this is a very coordinated attack. The spam e-mails advertise different domain names, but all of them have been created very recently, use Russian DNS servers, and are registered at Bizcn. Furthermore, all the different types of spam seems to advertise online casinos.
Here is what I wrote about what could be happening yesterday:
It's too early to say what is causing this issue. Dropbox could have been hacked, could have seen a leak, could have had its e-mail servers compromised, or there could just be malware on the users' systems. I would argue it's not the last one, and it could possibly be the first one, especially given that the company took down Dropbox between 12:00PM PST and 1:00PM PST today.
Dropbox is now saying the outage is unrelated. If you think you are affected, submit a support ticket here: dropbox.com/ticket. I will update you once I hear more from Dropbox in regards to the issue.
Update on July 20 -