H-Online: Spammers are currently sending large volumes of spam to users of cloud storage service provider Dropbox. The H’s associates at heise Security have so far received four different pieces of German-language spam at an email address used solely to register with Dropbox, and some of their readers have reported the same problem; similar reports can also be found on the Dropbox forums. In almost all cases, the spam is for suspicious-looking online casinos.
Much of the spam appears to have been sent to users with their own domains who created a custom email address such as firstname.lastname@example.org to register for the Dropbox file-sharing service. This would suggest that the spammers may simply have been lucky. According to forum discussions, however, emails have also been received by people who have not used this easily guessable address format.
On the Dropbox forums, the company announced that it has asked its security team to investigate the incident, and has also called in outside experts. At present, it has found no evidence of unauthorized access to Dropbox accounts, but this could change as the investigation moves forward. The company has reassured users that a recent thirty minute web site outage had nothing to do with this incident.