Dropbox Hit with New Spam Attack

Written by Sue Walsh on March 5, 2013

 


Dropbox users are again complaining about receiving spam at the email addresses they have registered with the service and blaming it on the data breach the popular storage service suffered last year. Users say they believe their email addresses were sold to a spammer. The messages appear to be a classic phishing attack concerning a fake financial transaction.

“Please be informed, that your most recent Direct Deposit transaction (No.243358739579) was cancelled [sic], because your business software package was out of date,” the spam said. “Please visit the secure section of our web site to see the details.”

Dropbox is again denying responsibility. They initially denied responsibility for last year’s incident as well, but an independent investigation revealed that an employee had fallen for a phishing email and turned over his login info to a cybercriminal, who used it to steal a document containing user emails. While Dropbox insists they haven’t detected any suspicious activity on their servers, they promised to conduct another investigation. It’s not clear if the people who got the spam last time are the same people who got the most recent one. If they are the same, it’s likely the scammer sold the info to another scammer.

Are you a Dropbox user who has received spam at your Dropbox-registered email address? I’ve been a Dropbox user for years but to my knowledge haven’t received any spam like the one quoted above. It’s possible my ISP nuked it before it got to me though. Do you think they are covering up a serious issue or is it really just a coincidence? Leave a comment and let us know what you think!

Comments

Cass March 6, 2013

This could be a competitors’ attack at DropBox but it could be a real situation, too. However, it’s good to hear that many users use a separate email for DropBox only and this is why it’s not possible to suspect this email has been obtained from somewhere else. Isn’t it possible to change their email now, so if the leaked list is resold, their email won’t be good anymore? If spam continues even after the change and the email is for DropBox only, then it’s obvious DropBox does have a security hole to fill.

Stan March 11, 2013

The unique email address I use for Dropbox is unaffected by this attack but I think the responsible personnel or attacker must be brought to light. It will be a good gesture for the users who have been using Dropbox extensively such as business users. My team and I use Dropbox a lot to collaborate on project documents and we have even integrated it with GroupDocs which has been quite helpful. So I hope the cause of this attack is known sooner than later.

Sheldon March 22, 2013

I know something like this is going to happen. Now it makes things a lot scarier. One has to remember that Dropbox was supposed to be our storage for everything—I mean everything! That’s how it positions itself to be. That’s the reason why many actually signed up for the service. So it’s supposed to be secure, and hacks should not be happening at such an early phase of its life. This incident tells you how its objectives are utterly misplaced. I wouldn’t even try to reset my password. I will immediately cancel my membership.

Dan Willard March 25, 2013

@Cass, it’s still kind of dangerous because spammers and cybercriminals know how to follow the paper trail, so to speak. For example, once they get these e-mail addresses and find out who the owners are, they can conduct more thorough research until they discover these people have other e-mail addresses.

@Stan, you’re right there, buddy. I’m a Dropbox user myself, though not too often. Most of the documents I uploaded are not confidential at all. But anyway, it still feels uncomfortable to know that the services you’re using are vulnerable to security threats.

Teresa Midas April 2, 2013

I’ve been using Dropbox for years and although I have experienced some bugs and errors from time to time, I haven’t been exposed to this spam attack (thank God!). I checked my Dropbox email a couple of times, and everything seemed to be normal. It’s a scary thought, though, that I can be a victim of something that can compromise all the files and information that I dump into my Dropbox. Everything that’s in my Dropbox is valuable work material, nothing personal but just as important. Maybe I will do what other users do and create a separate email for my Dropbox.
