[ISN] Dropbox hires "outside experts" to investigate possible e-mail breach

From: InfoSec News <alerts_at_private>
Date: Thu, 19 Jul 2012 03:29:21 -0500 (CDT)
http://arstechnica.com/security/2012/07/dropbox-hires-outside-experts-to-investigate-possible-e-mail-breach/

By Jon Brodkin
Ars Technica
July 18 2012

Dropbox users have been complaining for a couple of days about spam 
delivered to e-mail accounts they created solely to log into Dropbox. 
There have been no reports of unauthorized activity on Dropbox accounts, 
but it's happening to enough users that Dropbox is investigating the 
matter with its internal security team. The company has also brought in 
"outside experts" to find out if there has been a breach.

"We wanted to update everyone about spam being sent to e-mail addresses 
associated with some Dropbox accounts," a Dropbox representative told 
users on a support forum today. "We continue to investigate and our 
security team is working hard on this. We’ve also brought in a team of 
outside experts to make sure we leave no stone unturned. While we 
haven’t had any reports of unauthorized activity on Dropbox accounts, 
we’ve taken a number of precautionary steps and continue to work around 
the clock to make sure your information is safe. We’ll continue to 
provide updates."

The forum has six pages' worth of complaints from mostly European users 
getting spam from "Euro Dice Exchange" and other online casinos and 
shady-sounding senders. While everyone gets e-mail spam, users raised a 
flag because the messages were often coming to accounts used only for 
Dropbox.

A Dropbox error one year ago left every single Dropbox account unsecured 
and accessible with any password for four hours. Given that Dropbox's 
business model depends on users trusting their data to the company, 
Dropbox has to be extra careful. But in this case, it's not yet certain 
there has been a breach. Some Dropbox users posting on the support forum 
and Twitter report receiving no spam, and the problem may be isolated to 
a small percentage of users.

[...]


Received on Thu Jul 19 2012 - 01:29:21 PDT
