Cloud storage provider Dropbox believes its service suffered a security breach after some users discovered July 17 that they had been targets of spam emails sent to accounts used solely for the cloud file storage service.
Spam isn’t supposed to get into private storage services; ostensibly, only subscribed users have access to their accounts.
As a result, on July 19 Dropbox revealed that it has hired some outside security experts to help with its own investigation.
In an effort to alert Dropbox users, a Dropbox staff member named Joe G. posted the following on a company forum page: “We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. Weve also brought in a team of outside experts to make sure we leave no stone unturned.
“While we havent had any reports of unauthorized activity on Dropbox accounts, weve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. Well continue to provide updates.”
On July 17, several Dropbox customers used the forums to complain about receiving a flood of spam in their email. Some of them reported that the email address affected is one they have used exclusively for their Dropbox account.
Most of Those Affected Are in Europe
Dropbox said that most of the users who complained are from Europe and at least some of the spam messages are scams masquerading as messages from European gambling sites.
“The data center is being transformed at a rapid pace–cloud, virtualization, converged infrastructure, BYOD and mobile are all big shifts being driven by ROI, cost savings and productivity business goals,” said HyTrust President and founder and cloud security expert Eric Chiu.
“However, at the same time, many of the other core elements such as security and compliance tools as well as processes have not changed to meet this new environment.”
Dropbox is an example of a consumer-type application that has infiltrated the enterprise, which can have serious security consequences, since employees often hold confidential corporate data without any enterprise security controls, Chiu said.
“With external and internal breaches happening daily, this is a perfect formula for major disasters to happen. The need for consistent configuration, and controls for access, management and visibility is critical,” Chiu said.