European Dropbox account holders have been subjected to a spam attack urging their participation in online casino gambling. Many users are quite sure that Dropbox is the source of some kind of leak as email accounts exclusively created to sign up with the service were targeted by the spammers. Dropbox has reassured users that there have been no reports of unauthorised account access and the company has taken some precautions to keep user information safe while investigations progress.
In a double whammy for Dropbox users there was also a service outage for half an hour yesterday afternoon (Pacific Daylight Time, GMT-8). This outage is nothing to do with the spam problem or the investigation into the spam problem according to a Dropbox employee who posted on the company’s forums a few hours ago. The employee Joe G. made the following statement;
“We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned.
While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.
We also want to let you know that the dropbox.com site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party. Joe”
There is a possibility that a third part app that integrates with Dropbox has spilled the user email details. Many users will be more worried about the security of their Dropbox contents than these spam emails and hopefully this current bad news will make sure Dropbox fills any security cracks or holes in their popular service before they are exploited further.
How Dropbox changed during the outage
The latest update we can find from the Dropbox team appears on the KrebsOnSecurity blog which offers up a statement ending “Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.” If you have any information for the Dropbox team, to help in their investigations, please forward it to security@dropbox.com.
