“Always have your stuff when you need it with Dropbox.”
That’s the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses.
The trouble began earlier today, when users on the Dropbox support forums began complaining of suddenly receiving spam at email addresses they’d created specifically for use with Dropbox. Various users in Germany, the Netherlands and United Kingdom reported receiving junk email touting online gambling sites.
Dropbox did not respond to emails seeking comment, but a forum user who self-identified as a company employee said Dropbox was investigating the reports.
At around 3 p.m. ET, the company’s service went down in a rare outage, blocking users from logging into and accessing their files and displaying an error message on dropbox.com. I will update this post in the event that the company responds to my requests or provides some explanation of what caused today’s outage and the spam.
The outage and strange spam runs follow a week of high profile password and data breaches. Yahoo! acknowledged that more than 400,000 user names and passwords to Yahoo and other companies were stolen last Wednesday. Formspring, a social question-and-answer site, reset all user passwords after it discovered that approximately 420,000 password hashes from its servers had been posted to an online forum last Monday. Androidforums.com and Billabong International also disclosed password breaches last week.
Update, 6:37 p.m. ET: Dropbox just issued the following statement about today’s events: “We‘re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.”
Update, July 20, 9:35 a.m. ET: A Dropbox administrator posted this update last night: ”
– As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts. – We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports. – Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox.
Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.