Dropbox users claim their email addresses have been leaked

Uh, oh. Just a day after Dropbox proudly announced it records one billion uploads per day, users are alleging that their email IDs have been compromised, resulting in them receiving spam messages.

A user going by the alias Forrest F posted on the Dropbox forum asking why his email id had been given out. "You guys leaked or gave out my email. Why?" he demanded.

Forrest was answered by a moderator who said, “A lot of spammers try hit and miss techniques, and you're likely just a random victim rather than a whole mass leak of tons of DB users' emails.”

Forrest refuted the moderator’s claim and told him that he was using an alias—a separate email id created for the sole purpose of signing up for a service—and was starting to get spam on it. Soon enough, a lot of other users on the forum and Twitter also started complaining about the same issue. From the posts, it seems the spam started appearing in email accounts around February 20.

A threat to existing cloud storage services

Spam Attack!


A Dropbox employee then posted a more concerned response to the issue. “We’ve been looking into these spam reports and take them seriously. Back in July we reported that certain user email addresses had leaked and some users had received spam as a result. At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies. If you’ve received spam to an email account you only use for Dropbox, please send the message (including full headers) to support-security@dropbox.com to help our ongoing investigation.”

The employee also apologised for the dismissive response of some of the volunteer moderators and disclaimed that they were not employed by Dropbox and don’t have visibility into such matters.

In July last year Dropbox had confirmed that a small slice of its users had been affected by hackers trying to harvest email ids. The spam sent at the time was related to online casinos and gambling sites. Dropbox put in place stringent measures like two-factor authentication and a new page to examine active logins associated with accounts to deter further attacks, but it looks like the spam is starting all over again.

Dropbox CEO Drew Houston recently bragged about the service doing really well with a billion files being uploaded to it everyday. He was speaking at MWC, trying to convince mobile carriers and device manufacturers to tie-up with Dropbox. The complaints pouring in today are definitely not going to help Houston make his case.

Published Date: Mar 01, 2013 11:24 am | Updated Date: Mar 01, 2013 11:24 am