July 18, 2012 at 7:10 PM ET
A number of users have reported spam emails being sent to addresses associated with Dropbox accounts, suggesting the possibility that the cloud storage service has suffered some kind of security breach. The company tells NBC News it is looking into the situation, but the spam messages continue to be sent and some users are worried that exposed data could include something more sensitive than email addresses.
The breach was first noticed by a user on the Dropbox support forums on Monday, and since then many other users have also reported spam emails. Many of the email addresses were only used for Dropbox registration and notifications, so while there's clearly a connection, it can't be said just yet whether it is Dropbox itself that has had a security breach, or perhaps whether a third-party app or service associated with Dropbox is involved.
A Dropbox security team member responded on the forums that the issue was being looked into:
We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned.
While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe. We’ll continue to provide updates.
A Dropbox representative told NBC News that the security team is still working on this, and that they will update the community as soon as they can. The representative emphasized that they had not detected any evidence of private files being accessed, but declined to speculate further on the extent or nature of the leak.
The emails seem to be focused on European users of the service, German in particular. To be on the safe side, Dropbox users worldwide might consider changing their password or associated email, though nobody from outside Europe has reported any spam yet. We will update this story if Dropbox shares any additional information.
Devin Coldewey is acontributing writer for NBC News. His personal website iscoldewey.cc.