Security Experts:

Dropbox Continues Breach Investigation

Dropbox Still Investigating Possible Breach – Nothing Conclusive As of Yet

Dropbox, a widely popular cloud storage platform, is still investing a possible breach after users in the U.K. and the EU started receiving spam messages on accounts used exclusively for the service. The most recent update from the company asks for more time, and notes that they have found nothing yet.

Last week, Dropbox told users that they were investigating a possible breach after hearing from dozens of customers, adding that they “brought in a team of outside experts to make sure we leave no stone unturned.”

“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates,” the Dropbox staffer added.

As the days ticked by, users in the U.K. and EU regions started seeing more and more spam promoting EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support. The fact that a majority of them use dedicated Dropbox accounts led to calls of a breach.

Despite outside help, Dropbox hasn’t discovered the cause of the localized spam, nor have they ruled out a breach.

“As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts. We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports...Investigations like this can take time and we’re working hard to get to the bottom of this,” a message posted to the Dropbox forum says.  

In the meantime, tensions on the Dropbox forums are running a little high, the more this drags out. Moderators are getting testy with those who complain about the lack of more detailed information, and regular users are in a constant state of debate over the likely cause of the issues.

We’ll update this story as additional developments emerge.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.