Dropbox says there is no evidence of breach, continues investigating

Last week European Dropbox users began receiving spam emails advertising gambling websites, and given that many of them received it on unique email address created for the sole purpose of subscribing to the file hosting service, speculations were raised about a possible breach of the company’s systems.

A Dropdox employee had, at the time, shared that the company was looking into the matter and that they had even brought in an outside team to investigate.

Two days later, another employee piped up to report that for the time being, no intrusions in the company’s internal systems had been found and no unauthorized activity in Dropbox accounts had been detected.

“We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports,” he said. “Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox. Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.”

I don’t know whether to consider this good or bad news – if Dropbox’ databases weren’t compromised, how did the spammers get their hand on the emails in question?

Also, how come that the users were receiving the spam in their native language (Dutch, German, English)? Even if the emails were guessed, correctly guessing the users’ native language from their format is not easy.

Let’s hope we’ll receive an answer soon.