Cloud storage provider Dropbox, has taken on outside help in order to investigate a potential breach, which is being blamed as the reason for a sudden spike in spam directed at the service’s users.
On Wednesday, users who said that they used unique email addresses when associating with Dropbox were seeing a massive flux in spam.
InBoxes targeted by the spammer are seeing advertisements for EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support, and this is only list of the most mentioned spammed topics.
Commenting on the reports, Cloudmark said that recent data from their Global Threat Network showed 364 different domains in use by this spammer. “Some of the domains point to an IP address shared with domains that have been seen by our system in prior spam campaigns as far back as 2008. So this is a long way from a new campaign,” the anti-spam company explained.
The single connection between most of those complaining, thus fueling the speculation of a breach, is that the majority of accounts getting spammed were previously unknown to anyone but the owner and Dropbox. Based on reports, it also appears that the UK and EU users are being hit the hardest.
Early on, Dropbox suggested that shared folders or referral invites were to blame, but this changed as more and more people complained.
“We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned,” a Dropbox staffer posted to the user forums.
“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.”
By early Thursday morning, some of the spammed domains were offline, and the number of user reports slowed down. We’ll update this story with more information when it becomes available.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
