Dropbox Users Cry "Spam!" Company Investigates

ID THREATPOST:5C7697540F605F25D66F4ED27C699FA0
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:31:50


Support forums frequented by users of the online storage service Dropbox were alive with reports of spam e-mail messages sent to supposedly secret, Dropbox-affiliated addresses. The reports have raised the dark spectre of a data leak at the cloud-based personal storage firm.

Hundreds of Dropbox users in Germany, the UK and other countries have taken to social media site Twitter as well as online forums to report receiving spam linked to online casinos in recent days. Many say the spam is the first such message they have received in their Dropbox accounts and have questioned the company about how the e-mail addresses had fallen into the hands of spammers. Dropbox acknowledged the problem and said in a post to its forums that the company is looking into the incident.

“We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned,” a Dropbox administrator using the handle “Joe G.” posted early Wednesday.

The company hasn’t had any reports of unauthorized activity on Dropbox accounts, but is taking “a number of precautionary steps” to protect user data, the post read.

Many of the users complaining of receiving spam are based in Germany, with the spam messages also written in German. The spam e-mails purport to come from a variety of sources, many related to online gambling Web sites. They include: EU Dice Bonus, EuroGaming Palace, Premier Players Club, PP Club, Vegas Club, and so on.

While Dropbox is investigating the source of the leak, there are many competing theories. Spammers might merely be sending mail to randomly generated e-mail addresses and scoring hits. However, the e-mail addresses targeted by the spammers include those that use the @dropbox.com domain, as well as non-Dropbox e-mail addresses that users had associated with their Dropbox account, encouraging speculation that a leak from Dropbox itself was the source of the problem.

This isn’t Dropbox’s first run-in with spammers. In March, a security researcher working for Symantec Corp. reported that spammers were using a shared folders feature to distribute links to drive-by download Web sites.