Reports of Dropbox-linked email address spam

Martin Brinkmann
Jul 17, 2012
Updated • Jul 18, 2012
Security
|
5

Yesterday Dropbox user David P. reported that he received a spam message to an email account that he used exclusively for Dropbox and no other service.. The spam message advertised a casino site at a recently registered domain. Quickly, other Dropbox users started to report the very same thing.  It first appeared as if only users from Germany were affected, but it since then turned out that users from the UK and the Netherlands were also receiving spam messages to email addresses that they used exclusively for Dropbox.

The spam messages target users from different countries in their native languages, and it turned out that additional websites were advertised in the messages.

When you look up the different domains used you will notice several similarities:

  • All domains seem to advertise Casino-type sites
  • They have been created in the past 24 hour period
  • They are registered to people from different countries
  • They use Russian DNS servers
  • They are registered at Bizcn

Affected Dropbox users can check the addresses that are listed in their spam messages on the following site.

Dropbox Security is currently investigating the issue but no findings have been posted as of now. At this point in time, it is not clear of it is a coordinated spam attack based on a leak, a successful hacking attempt, a malware issue on user systems, attack on email servers, or something else. Affected users are asked to submit a support ticket.

The attack itself is well organized and coordinated. As of right now, only users from Europe seem to be targeted by the spam attack.

We keep you updated as soon as we receive new information.

Update: We have received a statement from Dropbox that you find below:

We‘re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. PLI said on July 18, 2012 at 5:56 am
    Reply

    This kind of incidents is the reason why I ALWAYS use a Spamgourmet address when registering for an online service

  2. Seban said on July 17, 2012 at 10:45 pm
    Reply

    I received 2 spam mails to my dropbox email account. The first spam ever at this account. One is from euro dice, the other from masterclub. I’m from germany too

  3. Sina said on July 17, 2012 at 9:35 pm
    Reply

    I’m from Germany and didn’t receive any spam.

    1. Martin Brinkmann said on July 17, 2012 at 10:15 pm
      Reply

      I have not received spam either.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.