File hosting service Dropbox was hit with a brief 20-minute outage yesterday afternoon but the bigger story is the discovery of what appears to be some type of internal or external email address leak. The downtime and security concern are reportedly unrelated and appear to be limited to users in Europe at the moment.
A thread was started on the Dropbox forum yesterday where the author complained of receiving spam messages at an email account that was only used for Dropbox. Since that time there have been more than 150 replies, most from people receiving similar spam messages pertaining to online casinos and gambling sites. Similarly, many users have taken to Twitter to voice their concerns.
Dropbox issued the following statement concerning the incident.
We're aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it's frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.
A Dropbox spokesperson later noted that the downtime and spam emails were unrelated. Either way, it’s pretty concerning news coming from a company that prides itself on user security.
Of course, it’s still too early to determine if Dropbox is responsible for the leaked addresses or not. It’s plausible that a spambot has been trying random email addresses on the site or that malware on the client’s end is responsible but given the scope of the spam outbreak, these methods seem pretty unlikely. It’s much more likely that a third party app with Dropbox access may be responsible but for now, we’ll have to wait to hear the company’s official response.