Dropbox investigating why its users are being spammed
Update on July 18 - Dropbox hires team of outside experts to investigate spam attack
A number of Dropbox users this week noticed they have started receiving spam to their e-mail addresses. Worse yet, even those users who created e-mail addresses to use exclusively for the file storage service are seeing spam.
Yesterday, a user by the name of "David P." posted a thread titled "Email-Address leaked from Dropbox" on the Dropbox forums outlining the issue:
Hello,
since today, I receive spam from www.grandeurodiceexchange.com to an email address, that is in use at dropbox only (like dropbox1234567@mydomain.com).
So I guess you have a security problem with your useraccount data. And this sucks a lot.
Since then, the thread has erupted with other users coming in to confirm they are seeing something similar on their own accounts. At the time of writing, there have been over 100 responses.
It first appeared as if only users from Germany were affected, but it has quickly come to light that users from the U.K. and the Netherlands have also been getting spammed. In fact, the spam messages are targeting only European users. Interestingly though, although the spam is being sent to different countries, it comes in the user's native language, suggesting this is a very coordinated attack.
Given how many users responded to the thread, Dropbox had no choice but to look into the matter. It's good to see that the company is taking the reports seriously.
"We're aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts," a Dropbox spokesperson said in a statement. "Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it's frustrating not to get an update with more details sooner, but please bear with us as our investigation continues."
Looking at the different domain names being sent out in the spam e-mails, there are some obvious similarities worth noting. All the domains were created in the last 24 hours or so, use Russian DNS servers, and are registered at Bizcn. Furthermore, all the different types of spam seems to advertise online casinos.
It's too early to say what is causing this issue. Dropbox could have been hacked, could have seen a leak, could have had its e-mail servers compromised, or there could just be malware on the users' systems. I would argue it's not the last one, and it could possibly be the first one, especially given that the company took down Dropbox between 12:00PM PST and 1:00PM PST today.
I do not have any proof and am solely basing this on the slew of attacks in the last few months. Here's a quick list, in no particular order: LinkedIn, eHarmony, Last.fm, Yahoo, Android Forums, Billabong, Formspring, and Nvidia.
Hopefully Dropbox won't be added to the list. If you think you are affected, submit a support ticket here: dropbox.com/ticket. I will update you once I hear more from Dropbox in regards to the issue.
Update on July 18 - Dropbox hires team of outside experts to investigate spam attack
See also:
- Apple iOS in-app purchases hacked; everything is free (video)
- Android Forums hacked: 1 million user credentials stolen
- Yahoo fixes flaw behind 450,000 account hack
- The top 10 passwords from the Yahoo hack: Is yours one of them?
- Nvidia confirms hackers swiped up to 400,000 user accounts
- Minecraft account impersonation security flaw disclosed, fixed