No News Is Good News? Dropbox Says No Intrusions Found, Investigation Continues

Dropbox says it hasn’t found intrusions into its internal systems or any cases of unauthorized activity in user accounts. Earlier this week, the company appeared to be suffering from what looked like a security breach. Users, mainly those based in Europe, were being sent unsolicited spam emails related to European casino scams. It was unclear how they had been targeted, since many users claimed their email was a unique and private address they were only using on Dropbox itself. The situation seemed to be serious, as Dropbox announced on Wednesday it had hired outside experts to aid in the investigation.

The company says it doesn’t have any news at this point as to what actually happened, as the investigation remains underway. However, we have to give them credit for being at least somewhat transparent about the whole thing. In the Dropbox user forums where the issue was first posted, the latest word is that so far, as far as they can tell, this may not actually be a full-on hack into internal systems.

Here’s the full statement from the company:

Hi all,

We wanted to give everyone another update on our investigation into the reports of spam.

– As of today, we’ve found no intrusions into our internal systems and no unauthorized activity in Dropbox accounts.
– We’ve reached out to users who’ve reported receiving spam messages and are closely investigating those reports.
– Security is our top priority and we’ll let you know if we uncover evidence that these email addresses came from Dropbox.

Thanks for your patience. Investigations like this can take time and we’re working hard to get to the bottom of this.

-Graham

Initially, it was hard to tell how widespread this issue was, and whether users were victims of an attack or perhaps just malware on their PC or a compromised third-party app they were using. While Dropbox still isn’t providing details as to how many of its users were affected by the spam, the fact that the company is taking the investigation as seriously as it is implies that it was not a minor event.

Many of the victims were located in Germany, the U.K, and the Netherlands, according to early reports, and much of the spam comes from a spammer called “Euro Dice Exchange.”

More details as they come.