Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dropbox Related Spam Leads Some to Speculate About Breach

Cloud storage provider Dropbox, has taken on outside help in order to investigate a potential breach, which is being blamed as the reason for a sudden spike in spam directed at the service’s users.

On Wednesday, users who said that they used unique email addresses when associating with Dropbox were seeing a massive flux in spam.

InBoxes targeted by the spammer are seeing advertisements for EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support, and this is only list of the most mentioned spammed topics.

Cloud storage provider Dropbox, has taken on outside help in order to investigate a potential breach, which is being blamed as the reason for a sudden spike in spam directed at the service’s users.

On Wednesday, users who said that they used unique email addresses when associating with Dropbox were seeing a massive flux in spam.

InBoxes targeted by the spammer are seeing advertisements for EU Dice, Euro Gaming Palace, Premier Players Club, Vegas Virtual, SP Casino, and Best2day Support, and this is only list of the most mentioned spammed topics.

Commenting on the reports, Cloudmark said that recent data from their Global Threat Network showed 364 different domains in use by this spammer. “Some of the domains point to an IP address shared with domains that have been seen by our system in prior spam campaigns as far back as 2008. So this is a long way from a new campaign,” the anti-spam company explained.

The single connection between most of those complaining, thus fueling the speculation of a breach, is that the majority of accounts getting spammed were previously unknown to anyone but the owner and Dropbox. Based on reports, it also appears that the UK and EU users are being hit the hardest.

Early on, Dropbox suggested that shared folders or referral invites were to blame, but this changed as more and more people complained.

“We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned,” a Dropbox staffer posted to the user forums. 

“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.”

By early Thursday morning, some of the spammed domains were offline, and the number of user reports slowed down. We’ll update this story with more information when it becomes available.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.