Dropbox spam attack remains a mystery

The mystery of the spam afflicting Dropbox users remains unsolved as of late Wednesday. Starting on Monday, some users of the popular file-sync-and-store service started complaining about spam sent to email addresses associated only with their Dropbox accounts. Most of those affected are in Europe, as reported by The Register.

The fear is that someone accessed the Dropbox database and harvested these addresses — and it didn’t help that Dropbox went down for 20 minutes on Tuesday, sparking concerns that there was something more than spam going on.

According to an update posted to the Dropbox support forum Tuesday, the company was still working on the issue and had brought in reinforcements to help its own security team.

According to the post:

While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.

We also want to let you know that the site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party.

Dropbox users were still posting reports of spam as of a few hours ago.

Snafus like this reheat the simmering debate about best practices for using cloud-based services — especially in the workplace. Dropbox claims 50-plus million people use its service for their personal photos and documents. An unknown number of those users in this BYOD era also use it at work to sync and store documents. The thought of corporate documents flowing to this consumer service gives both IT and security teams fits.

Better start prepping for a deluge of messaging from Box, Egnyte, and other companies that are pushing their cloud storage as an enterprise-ready alternative to Dropbox’s consumer-focused service.

Photo courtesy of Flickr user allspice1

3 Responses to “Dropbox spam attack remains a mystery”

  1. Cloud_Zone

    Will the problems at Dropbox (whatever they actually are) make businesses take Shadow IT seriously as a problem? I am one of those mentioned in the article which has ‘fits’ about it and goodness knows I’m not the only one having them. I hope they will but my suspicion is they won’t. It seems that despite the human ability to engage in foresight and planning we really don’t like doing it. We much prefer to carry on with our heads in the sand and hope everything will be alright before running around panicking and pointing fingers of blame at each other when things go wrong. And when we do actually prepare for a problem which we can see coming (Y2K for example) we don’t say it was a job well done, just that it wasn’t such a big problem anyway. That is why, as the person responsible for Information Governance within my organisation, I will continue to throw those fits until someone actually listens to me or I get fired for something happening which I wasn’t allowed to stop.

    • Timothy Weaver

      The ship has sailed. As each IT service becomes a commodity, end users will inevitably go out and choose their own solution based on their own impression of the best one. Only in the most extreme situations (financial, government top secret) will an organization or user population accept anything different. If you aren’t gluing USB ports on your computers today, you’ve already decided that data security is not the highest priority.

    • This is a continuing saga. I feel bad for IT pros who have to deal with this — especially because of the vendor pitches they’ll be getting from every VDI, NAC, insert-technology-here company pitching their own products as solutions to what is an intractable problem. Not sure how anyone can stop employees from using personal devices (and consumer services) at work.