Some Dropbox users have recently started reporting that their personal accounts have been hit by spam. Some of them also reported that they use the e-mail address in question only for their Dropbox account, which means that in their cases the malware attack is related exclusively to their Dropbox account. In other words, users who created their Dropbox account with an e-mail address they had not used anywhere else until then were affected by an address leak from Dropbox.
However, this might not be entirely true, because in some cases spambots simply try random e-mail addresses until they get a hit. Another possibility is that malware on the user's computer has captured the e-mail address by other means, such as a keylogger. A third-party application that integrates with Dropbox could also be the source of the problem. According to company officials, they are doing everything they can to fix this problem as soon as possible.
The complaints from users were first seen on the Dropbox forums, and it seems that the first affected users were in Germany. A large part of the spam comes from a spammer that goes by the alias “Euro Dice Exchange”, but other users received other types of spam messages, including users who live outside Germany, in countries such as the United Kingdom or the Netherlands.
There is some concern among Internet users because Dropbox isn’t the only website recently affected by spam: Yahoo! and Nvidia users have also reported password hacks and suspect accounts. In July 2012, the account of Mitt Romney, a U.S. presidential candidate, was reported to have been hacked, while in 2011 Dropbox had a dispute with security researcher Christopher Soghoian, who stated that even though Dropbox employed file encryption, the files could easily be unlocked by its employees. Later that year, Christopher Soghoian publicized another issue which, for a brief period of time, allowed some Dropbox users to log into virtually any account by using any password.
On 17 July 2012, there was a short 20-minute outage, but Dropbox stated that it wasn’t related to the e-mail address leak problems. The outage was mostly limited to users living in Europe. To find out how these spam issues occurred, Dropbox announced that it has brought in a team of outside experts, but so far there have been no reports of unauthorized activity on accounts. One Dropbox user mentioned that the moment he noticed his account had been hit by spam, he closed it and opened a new one using the same e-mail address, which he hadn’t used for anything else. His new account was also hit by spam right away.
Hopefully, the experts at Dropbox will soon detect the source of these spam problems and fix the issues right away, making the cloud storage service more secure for users who upload important files to their accounts believing that these files will not be the target of malware.