Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Dropbox Continues Breach Investigation

Dropbox Still Investigating Possible Breach – Nothing Conclusive As of Yet

Dropbox, a widely popular cloud storage platform, is still investing a possible breach after users in the U.K. and the EU started receiving spam messages on accounts used exclusively for the service. The most recent update from the company asks for more time, and notes that they have found nothing yet.

Dropbox Still Investigating Possible Breach – Nothing Conclusive As of Yet

Dropbox, a widely popular cloud storage platform, is still investing a possible breach after users in the U.K. and the EU started receiving spam messages on accounts used exclusively for the service. The most recent update from the company asks for more time, and notes that they have found nothing yet.

Last week, Dropbox told users that they were investigating a possible breach after hearing from dozens of customers, adding that they “brought in a team of outside experts to make sure we leave no stone unturned.”

“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates,” the Dropbox staffer added.

As the days ticked by, users in the U.K. and EU regions started seeing more and more spam promoting EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support. The fact that a majority of them use dedicated Dropbox accounts led to calls of a breach.

Despite outside help, Dropbox hasn’t discovered the cause of the localized spam, nor have they ruled out a breach.

“As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts. We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports…Investigations like this can take time and we’re working hard to get to the bottom of this,” a message posted to the Dropbox forum says.  

Advertisement. Scroll to continue reading.

In the meantime, tensions on the Dropbox forums are running a little high, the more this drags out. Moderators are getting testy with those who complain about the lack of more detailed information, and regular users are in a constant state of debate over the likely cause of the issues.

We’ll update this story as additional developments emerge.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...