Dropbox Users Hit with Spam Emails
Users report a spam uptick, but Dropbox says there was no hack.
Popular cloud storage company Dropbox saw another uptick in the amount of spam users reported receiving last week, leading to complaints on the company's own troubleshooting forum.
One user, who went by "Nathan G," said his Dropbox-specific email address received it's first two spam messages on Feb. 12, followed by another on Feb. 13 and one more on Feb. 27.
Some users speculated that the storage service had been hacked and that a list of customer emails may have been stolen and sold to spammers. But a company spokesman said that, from what he could tell, this wasn't the case.
"We've been looking into these spam reports, and take them seriously," a man identified as "Sean B." wrote on the forum. "At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies."
Among the spam messages, users reported phishing emails dressed up to appear as if they had come from PayPal.
A previous rash of spam sent to Dropbox users last summer did result from a data breach. Invaders used ill-gotten accounts and corresponding passwords to bombard Dropbox in the U.K. and Germany. That led Dropbox to adopt a two-factor authentication protocol for added security.
The method, which is growing in popularity, requires users to prove their identities via two means. Dropbox provides two-factor authentication as an option; users enter both a password and six-digit security code.
In the meantime, the company has asked customers receiving spam in their Dropbox-specific email addresses to forward the messages to the Dropbox security team to help them get to the bottom of this.