Dropbox users’ email addresses possibly compromised, disclosed

Added by on July 17, 2012

A number of users of the popular file storage service Dropbox said on Tuesday that they are receiving spam messages, possibly indicating a breach.

A number of users of the popular file storage service Dropbox said on Tuesday that they are receiving spam messages on addresses they specifically configured to use to log into Dropbox.

“I can also confirm with an unique email address. I’ve received two e mails an hour ago,” said a user on the Dropbox forums. Users within Europe first started posting about the problem, yet it appears users from around the world are affected.

A larger number of users posted messages on Twitter about the issue as well.

A Twitter user posted, “My Dropbox e-mail address is now receiving spam. Has there been a security breach?”

Another user on the Dropbox forum provided a more detailed analysis of the email addresses used for Dropbox” “I can confirm that I have been spammed in German on a .de domain and am located in Germany. I doubt that the spammers simply guessed my email address. It’s not dropbox@domain.de but it’s dropbox.com@accounts.domain.de, with the subdomain accounts.domain.de being used nowhere. However, Dropbox, please post an update!”

A Dropbox representative contacted The Australian Eye with the following statement, “We’re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.”

Dropbox was unavailable for comment, it had not responded to questions in its forum, and its blog did not provide any information about this possible breach.

This could be the second security breach at Dropbox, the first occurred in January 2011 where its authentication system, the system that authorizes access, failed and exposed the details of about 100 users.

Dropbox is a free service that allows users to store and synchronize their files with their computer and mobile devices that include Apple’s iPhone and iPad, Android smartphones, and BlackBerry phones. Dropbox users can securely share files not only between their own devices, but also between other Dropbox users and users that do not have a Dropbox account.

Security breaches and disclosure of user details for services like Yahoo, Match.com, eHarmony, and others have recently been in the news. The most well-known breach is to date occurred on July 12 2012 at Yahoo! where details of about 400,000 users were posted online.