Dropbox investigating user reports of spam emails, sounds similar to last year’s security breach

dropbox login hackedSome members of cloud storage site Dropbox have been complaining about receiving spam messages to email addresses linked to their account, a situation reminiscent of an incident last year involving the theft of a number of emails and passwords belonging to Dropbox users.

A thread that started on the Dropbox forum on Thursday began filling with complaints from users claiming that for the last week or so inboxes of Dropbox-linked email accounts have been receiving spam. The fact that the spam appears to be arriving in different inboxes in such a tight time period will be of particular concern to Dropbox, as it could suggest an information leak or theft.

“My Dropbox specific email has been receiving spam since the 20th of February,” wrote one. “Received spam to my unique email address for Dropbox the last two days,” said another. Fake PayPal emails were mentioned in several of the posts.

Dropbox’s Sean Byrne took to the forum to reassure concerned users that the company was taking the reports seriously and investigating the cause.

“Back in July we reported that certain user email addresses had leaked and some users had received spam as a result,” Byrne wrote. “At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies.”

To help with its investigation, Byrne urged users who receive spam to a Dropbox-linked account to send the message, including full headers, to support-security@dropbox.com.

At the time of writing, it seems the current issue is not on the scale of last July’s problem. Indeed, considering Dropbox has more than 100 million users, this may be nothing to worry about, but the company will nevertheless want to discover the cause and be sure it’s not the start of something more serious.

Following the 2012 security breach, the San Francisco-based start-up introduced new security features to better protect user accounts. A slew of big-name tech companies have suffered at the hands of hackers in recent weeks, including Microsoft, Apple and Facebook.

Get our Top Stories delivered to your inbox: