Security Experts:

Dropbox Related Spam Leads Some to Speculate About Breach

Cloud storage provider Dropbox, has taken on outside help in order to investigate a potential breach, which is being blamed as the reason for a sudden spike in spam directed at the service’s users.

On Wednesday, users who said that they used unique email addresses when associating with Dropbox were seeing a massive flux in spam.

InBoxes targeted by the spammer are seeing advertisements for EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support, and this is only list of the most mentioned spammed topics.

Commenting on the reports, Cloudmark said that recent data from their Global Threat Network showed 364 different domains in use by this spammer. “Some of the domains point to an IP address shared with domains that have been seen by our system in prior spam campaigns as far back as 2008. So this is a long way from a new campaign,” the anti-spam company explained.

The single connection between most of those complaining, thus fueling the speculation of a breach, is that the majority of accounts getting spammed were previously unknown to anyone but the owner and Dropbox. Based on reports, it also appears that the UK and EU users are being hit the hardest.

Early on, Dropbox suggested that shared folders or referral invites were to blame, but this changed as more and more people complained.

“We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned,” a Dropbox staffer posted to the user forums. 

“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.”

By early Thursday morning, some of the spammed domains were offline, and the number of user reports slowed down. We’ll update this story with more information when it becomes available.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.