Nothing’s ever as secure as we think it is. Dropbox, having not so long ago accidentally dropped password protection on user accounts, has been receiving reports of folks receiving spam in their emails. Normally this wouldn’t be an issue — most email accounts get spam. The complicate things, the users have claimed that these accounts were unique to Dropbox; the only way for someone to be spamming them would be due to having somehow gotten the accounts from Dropbox.
And of course, Dropbox absolutely denies this. But it didn’t stop them from bringing an outside team to try and determine whether an intrusion had actually happened. After what seems like a laughably short period of four days, the following was posted to their forum:
We wanted to give everyone another update on our investigation into the reports of spam.
- As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
- We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports.
- Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox.
Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.
The biggest concern here isn’t that some users happen to be getting spammed but that, somehow, someone’s managed to get hold of account details. Whether that means there’s been an intrusion is still up for debate. These kind of investigations can be notoriously laborious and yield false positives along the way. As of July 20th, though, all signs point to nothing out of the ordinary happening.
Besides, it wouldn’t be the first time someone thought they had been completely secure with their own details only to later reveal they’d done something to their own selves.
- Last year, Dropbox accidentally dropped password protection for a bit
- Did you know Dropbox has an easter egg hidden within?
- Even Valve isn’t immune to the wrath of hackers