Many Dropbox users are reporting that they’re being bombarded by spam e-mails. This led users to believe that Dropbox was once again hacked, like last year when hundreds of users were receiving spam emails to email accounts only used for their Dropbox account. A spokesman from Dropbox has stated that it’s not the same this time around, and assured users that its service wasn’t hacked.
Many users took to Dropbox’s support forums and stated that many of their Dropbox-exclusive e-mail accounts were compromised. They are receiving phishing e-mails from fake LinkedIn and PayPal e-mail addresses, as well as “offers” from casinos and gambling sites. The PayPal phishing e-mails are more frightening because they appear very similar to real PayPal transaction e-mails, and to the unaware user, could result in their computers being infected by malware.
Dropbox states that this attack may have been a long, postponed effect from its previous security compromise last July. The attacks doesn’t seem as widespread as they were last year, but then again, more affected users can come forward and post their own reports soon.
If you believe you’re one of the affected users, Dropbox encourages you to forward the spam emails to their support e-mail address. A spokesperson for Dropbox stated, “If you’ve received spam to an email account you only use for Dropbox, please send the message (including full headers) to firstname.lastname@example.org to help our ongoing investigation.” It is also suggested that you change your e-mail password as well as your Dropbox password.