Andrew Kunesh, August 1, 2012
A few weeks back, some Dropbox users began reporting an increased spam count in emails used only for Dropbox. After the Dropbox team looked into these reports, they came back with a response, and it may not be the one you were hoping for. Dropbox has confirmed that hackers compromised some users’ account information, causing an increased flow of spam to their email accounts. However, according to a statement released by Dropbox, there has been no major impact thus far as a result of this. You can read the official statement below.
We wanted to give everyone another update on our investigation into the reports of spam.
- As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
- We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports.
- Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox.
Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.
TechCrunch has reported that most users affected by this security issue were located in the U.K., Germany and the Netherlands. As of now, most of the spam is currently coming from the “Euro Dice Exchange”. Beyond this, we are unsure of how widespread this issue is, but we will make sure to keep you updated as more details arise.
Dropbox has also announced that they will be introducing new security features in the months ahead. Dropbox has announced these new features on their blog, but we have embedded the list below:
- Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
- New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
- A new page that lets you examine all active logins to your account.
- In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)