Dropbox Experiences Increased Spam after Employee Account Breach

The cloud storage service Dropbox said Tuesday that the increase in spam e-mail sent to users last month was directly related to an employee account compromise.

"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Dropbox's  Aditya Agarwal in a blog post.  "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."

The spam, written in English, German and Dutch, featured advertisements for an online gambling site aimed at European users.

In response to this recent breach, the company announced that it has begun implementing new security features into its service.

The first, coming in the next few weeks, is a two-factor authentication process that will require two proofs of identity when logging in. This can be something like a user's password and a code sent to the user's cell phone, according to the company.

The company will also add a feature that notifies users if "unusual" activity occurs on an account, along with a new Web page where users can view all logged activity on an account. Dropbox will also require users to regularly change their passwords.

Agarwal said that, along with these security additions, users must remember to always adhere to safe online practices.

"At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use," said Agarwal. "Though it's easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk."

Last week's breach marks the second time in a little more than a year that Dropbox has been hit by a security breach. Last year an estimated 100 customer accounts were exposed for a few hours, allowing anyone to access them without a valid password.

About the Author

Chris Paoli is the site producer for and

