The origin of the email address leak hasn't been determined

Jul 18, 2012 09:23 GMT  ·  By

Dropbox is the top cloud storage service around, at least as far as user numbers are concerned, but its security and privacy measures have come into question at times. The latest worry is an apparent leak of email addresses that users signed up with.

Dropbox is investigating the issue, but has not confirmed that it is its fault in any way. The issue arose when some users started complaining about getting spammy emails on addresses they only used to sign up for Dropbox.

Quite a lot of people complained about the same thing and they're all being targeted with spam for online casinos and gambling sites.

"We‘re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues," Dropbox said in a statement.

Without any more info, there is not much to do but speculate. It may very well be that someone, somehow got its hands on a list of Dropbox email addresses.

But the location of those affected, most of them are from Europe, Germany, the Netherlands or the UK, indicates that the problem may be elsewhere.

Some forum users are speculating that it may come down to a rogue ISP or someone at the ISP sniffing for email addresses. That may be a bit farfetched.

More likely, those affected are all "suffering" from the same malware, grabbing their email addresses. Even more likely, the addresses were leaked via the Dropbox API, either a malicious app or less-than-great developers.

"We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned," Dropbox explained in the forum thread about the spam issues.

"While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates," it added.