Dropbox users suffer outage and spam attack

by Mark Tyson on 18 July 2012, 13:30

Quick Link: HEXUS.net/qabjsn

Add to My Vault: x

European Dropbox account holders have been subjected to a spam attack urging their participation in online casino gambling. Many users are quite sure that Dropbox is the source of some kind of leak as email accounts exclusively created to sign up with the service were targeted by the spammers. Dropbox has reassured users that there have been no reports of unauthorised account access and the company has taken some precautions to keep user information safe while investigations progress.

In a double whammy for Dropbox users there was also a service outage for half an hour yesterday afternoon (Pacific Daylight Time, GMT-8). This outage is nothing to do with the spam problem or the investigation into the spam problem according to a Dropbox employee who posted on the company’s forums a few hours ago. The employee Joe G. made the following statement;

“We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned.

While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.

We also want to let you know that the dropbox.com site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party. Joe”

There is a possibility that a third part app that integrates with Dropbox has spilled the user email details. Many users will be more worried about the security of their Dropbox contents than these spam emails and hopefully this current bad news will make sure Dropbox fills any security cracks or holes in their popular service before they are exploited further.

How Dropbox changed during the outage

The latest update we can find from the Dropbox team appears on the KrebsOnSecurity blog which offers up a statement ending “Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.” If you have any information for the Dropbox team, to help in their investigations, please forward it to security@dropbox.com.

HEXUS Forums :: 8 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by deleted - Wed 18 Jul 2012 13:40
Chuck all your stuff on the Cloud, it's bound to be safe and you won't have to worry about it then.

People have many illusions about IT. Like the one where data centre staff are all well paid, highly conscientious and trustworthy individuals. Some undoubtedly are but it only takes one to rape your data by accident or design…Just ask Nat West.
Posted by deleted - Wed 18 Jul 2012 14:11
So that's why my junk folder has a lot more casino invites in it!
Posted by deleted - Wed 18 Jul 2012 14:21
Hmm, I'm missing out then - I'm a Dropbox user (recently - thanks to that 50GB partner deal with Samsung) and I've not received any of these emails. Unless, of course, Mr Google (it's a gmail account I used) has seen fit to recognise these as spam and zap ‘em for me.

That said, I’ve been very careful to not use any 3rd party apps with Dropbox, so if the leak is there then I should be “safe”.
Posted by deleted - Wed 18 Jul 2012 15:18
I love you Dropbox.
Posted by deleted - Wed 18 Jul 2012 15:30
I'm very happy I use SkyDrive. Fortunately, Microsoft has yet to be targeted by ‘the hackers’. Famous last words…

SEE NEWER »