Information Security News mailing list archives

Dropbox hires "outside experts" to investigate possible e-mail breach


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 19 Jul 2012 03:29:21 -0500 (CDT)

http://arstechnica.com/security/2012/07/dropbox-hires-outside-experts-to-investigate-possible-e-mail-breach/

By Jon Brodkin
Ars Technica
July 18 2012

Dropbox users have been complaining for a couple of days about spam delivered to e-mail accounts they created solely to log into Dropbox. There have been no reports of unauthorized activity on Dropbox accounts, but it's happening to enough users that Dropbox is investigating the matter with its internal security team. The company has also brought in "outside experts" to find out if there has been a breach.

"We wanted to update everyone about spam being sent to e-mail addresses associated with some Dropbox accounts," a Dropbox representative told users on a support forum today. "We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned. While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates."

The forum has six pages worth of complaints from mostly European users getting spam from "Euro Dice Exchange" and other online casinos and shady-sounding senders. While everyone gets e-mail spam, users raised a flag because the messages were often coming to accounts used only for Dropbox.

A Dropbox error one year ago left every single Dropbox account unsecured and accessible with any password for four hours. Given that Dropbox's business model depends on users trusting their data to the company, Dropbox has to be extra careful. But in this case, it's not yet certain there has been a breach. Some Dropbox users posting on the support forum and Twitter report receiving no spam, and the problem may be isolated to a small percentage of users.

[...]

