BreachExchange mailing list archives
Dropbox hires "outside experts" to investigate possible e-mail breach
From: security curmudgeon <jericho () attrition org>
Date: Thu, 19 Jul 2012 16:33:46 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://arstechnica.com/security/2012/07/dropbox-hires-outside-experts-to-investigate-possible-e-mail-breach/ By Jon Brodkin Ars Technica July 18 2012 Dropbox users have been complaining for a couple of days about spam delivered to e-mail accounts they created solely to log into Dropbox. There have been no reports of unauthorized activity on Dropbox accounts, but it's happening to enough users that Dropbox is investigating the matter with its internal security team. The company has also brought in "outside experts" to find out if there has been a breach. "We wanted to update everyone about spam being sent to e-mail addresses associated with some Dropbox accounts," a Dropbox representative told users on a support forum today. "We continue to investigate and our security team is working hard on this. We?ve also brought in a team of outside experts to make sure we leave no stone unturned. While we haven?t had any reports of unauthorized activity on Dropbox accounts, we?ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We?ll continue to provide updates." The forum has six pages worth of complaints from mostly European users getting spam from "Euro Dice Exchange" and other online casinos and shady-sounding senders. While everyone gets e-mail spam, users raised a flag because the messages were often coming to accounts used only for Dropbox. A Dropbox error one year ago left every single Dropbox account unsecured and accessible with any password for four hours. Given that Dropbox's business model depends on users trusting their data to the company, Dropbox has to be extra careful. But in this case, it's not yet certain there has been a breach. Some Dropbox users posting on the support forum and Twitter report receiving no spam, and the problem may be isolated to a small percentage of users. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Dropbox hires "outside experts" to investigate possible e-mail breach security curmudgeon (Jul 19)