Dropbox points to security breach as reason for recent spam reports

Cloud storage solution Dropbox is the latest organization to feel the sting of cybercriminals, in more news that highlights the value of penetration testing and undergoing a regular security audit.

In a blog post from Dropbox engineer Aditya Agarwal published July 31, the company confirms that recent spamming incidents reported by the Dropbox user community were caused by a security breach.

"A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox. We’ve been working hard to get to the bottom of this, and want to give you an update," wrote Mr Agarwal.

A thread on the Dropbox forums concerning the spam was started two weeks ago by user David P.; it now stretches to ten pages and contains more than 250 posts.

"We also received spam mails which we can trace back to our dropbox accounts. We want to urge you to look into this issue!" wrote user Frank W.

"Many more users reporting the same on Twitter," added Stefanie G.

In the aforementioned blog post, Mr Agarwal writes that a Dropbox investigation found that usernames and passwords recently stolen from other websites had been used to access Dropbox accounts.

Apparently one of those accounts belonged to a Dropbox employee and contained user email addresses. This is likely what caused the spam that has been reported on the Dropbox forums.

Mr Agarwal took the opportunity to remind users to use a different password for each of their online accounts, so that credentials stolen from one website cannot be used to access another.

"We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again," wrote Mr Agarwal.
