Dropbox users getting spammed, might be from earlier hack

The file-sharing site's user forum is filling up with complaints of e-mail spam, which the company believes could be related to last year's data leak.

Dara Kerr
Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
2 min read

It looks like Dropbox may be grappling with some leftover issues from hackers' access into the system last July.

Over the past 24 hours, users have been posting on the file-sharing site's forum, saying that they're being hit with spam e-mails sent to e-mail accounts used only for Dropbox.

"My Dropbox specific email has been receiving spam since the 20th of February," Daniel B. wrote today. Richard F. wrote, "I have an internal to my company email address that I used for Dropbox only and I am getting the same fake paypal scam emails. This has been happening since about Monday."

Dropbox experienced a data leak last summer when hackers accessed usernames and passwords from third-party sites and then used them to get into Dropbox users' accounts. With this data breach, a few hundred Dropbox users received spam e-mails about online casinos and gambling sites.

The company has since put in place additional security controls with the aim to avoid a repeat occurrence, including two-factor authentication, mechanisms to identify suspicious activity, and password changes.

Rather than being a new breach, Dropbox seems to believe the current spam attack is related to what happened last July.

"We've been looking into these spam reports and take them seriously. Back in July we reported that certain user email addresses had leaked and some users had received spam as a result. At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies," a Dropbox spokesperson told CNET. "We want you to know that we've taken these reports seriously and began our investigation immediately."

Despite what looks to be leftover issues from last summer, far fewer users are complaining this time around. So far, the forum only has 58 posts by 37 users, while hundreds posted on the forum last July.

The company appears to be continuing with its investigation into the issue and will most likely figure out what's happening within the next few days.