Dropbox spam attack remains a mystery

The mystery of the spam afflicting Dropbox users remains unsolved as of late Wednesday. On Monday, some users of the popular file-sync-and-store service began complaining about spam sent to email addresses associated only with their Dropbox accounts. Most of those affected are in Europe, as reported by The Register.

The fear is that someone accessed the Dropbox database and harvested these addresses — and it didn’t help that Dropbox went down for 20 minutes on Tuesday, sparking concerns that there was something more than spam going on.

According to an update posted to the Dropbox support forum Tuesday, the company was still working on the issue and had brought in reinforcements to help its own security team.

According to the post:

“While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.

“We also want to let you know that the dropbox.com site outage this afternoon (from 12:35 to 12:55 PDT) was incidental and not caused by any external factor or third party.”

Dropbox users were still posting reports of spam as of a few hours ago.

Snafus like this reheat the simmering debate about best practices for using cloud-based services — especially in the workplace. Dropbox claims 50-plus million people use its service for their personal photos and documents. An unknown number of those users in this BYOD era also use it at work to sync and store documents. The thought of corporate documents flowing to this consumer service gives both IT and security teams fits.

Better start prepping for a deluge of messaging from Box, Egnyte, and other companies that are pushing their cloud storage as an enterprise-ready alternative to Dropbox’s consumer-focused service.

Photo courtesy of Flickr user allspice1