Dropbox Investigating Spam Campaign and Possible Breach

Written by Sue Walsh on July 19, 2012

 

Dropbox is wasting no time in investigating a mysterious flood of spam hitting its European
users.

The complaints started coming in on Tuesday from users who said their inboxes were being flooded with spam that was advertising online gambling sites. The users say the accounts being spammed are ones linked to their Dropbox accounts and with so many complaints, Dropbox called in outside investigators to help track down the culprit. The flood of spam is so severe some users reported getting as much as one spam message a minute. Dropbox stated: 

“We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.”

Some users speculated on the company’s forums that perhaps the spam is the result of an as of yet undetected data breach. If this is the case it would be a PR nightmare for Dropbox, which prides itself on keeping its user’s data secure. The site holds a massive amount of data from photos to personal documents. It seems they are worried enough about a possible compromise to have brought in the big guns. So far they haven’t found any evidence of unauthorized activity

I am an avid Dropbox user and hope a more benign explanation is found. Again, please note that at this point this issue is only affecting European users.

Do you think cloud storage services are inherently unsafe? Will the cloud be the next big target for cybercriminals? Why so or why not?

Comments

Jessica Craig July 21, 2012

It smells very much like a security breach. Good for them they reacted so fast and even better – they obviously separate their data into regions, so when a breach does occur, hackers don’t get all the data but only data pertaining to a given region. What’s worrying here is that if there is a breach, all the documents stored with them are also at risk.

Sione Dranger July 23, 2012

Damage control. That’s what each company should do when there is a data breach. I have heard so much of those data breaches even in the most reliable brands that this does not seem so surprising anymore.

And if I may add, those companies should also go on an offensive against those hackers. Make it hurt for them. Things are these should never be taken lightly, especially since a good number of users rely so much on the service and upload even sensitive information to the cloud.

The cloud does have its risks. But, it is the most convenient service there is. I don’t see it going away, or losing relevance soon. Convenience and security, however, should be balanced.

  • (required)
  • (required)