Continuing investigations by an outside security firm have not revealed anything.
The problem reported with Dropbox, where email addresses used by clients exclusively for Dropbox are now receiving spam, is continuing. There has not been much information from Dropbox, though the forums are full of comments from users about what they think is behind it. Dropbox itself is releasing very little information and pretty much leaving everyone in the dark. The one thing you can determine from reading through the posts is that this reported “security breach” is pretty much limited to Dropbox accounts in Europe and not the US. That does not provide any more confidence that things are secure.
We reported on the hiring of security experts a few days ago and not much has been revealed by Dropbox. They have not even provided the name of the company they have engaged to help them try and figure out what has happened. About the only thing which has come out is a post on the forums which looks to be from someone who works at Dropbox.
From Graham A. “Dropboxer”
We wanted to give everyone another update on our investigation into the reports of spam.
- As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
- We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports.
- Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox.
Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.
This is not a public announcement, and it took some digging through the forum to find. They are trying to reassure everyone by saying they have not found any intrusion or unauthorized activity to date. That does not mean none happened, just that they have not been able to find any. They still have not concluded their investigation, and we hope it determines conclusively that there were no security breaches of the Dropbox systems.
Things are still pretty much up in the air as to exactly what is going on with the spam emails sent to European Dropbox users. It is obvious that email addresses were gathered and turned over to some group which then sent the spam. Whether Dropbox has servers in Europe that contain the email addresses of accounts there is unknown, but that could very well be the case. We just do not know what is going on. Another possibility is an employee who gathered email addresses and sold them for money. At the moment, that is the explanation I would like to be the reason behind all of this. It would mean that no one hacked their systems and that an employee was responsible instead. While it is very bad that email addresses are being used for spam, knowing that an employee took them would provide confidence that Dropbox systems are secure.
Investigations like this take a long time. In the Sony investigation over a year ago, the lack of information caused problems for Sony. At the moment, Dropbox is not revealing very much. It could be that the investigation is closing in on who is responsible and they do not want to reveal what they are doing. Let’s hope that is the case and that this will all be resolved and revealed shortly.
The best outcome is that an employee is behind this and the Dropbox systems are secure.