Dropbox Experiences Increased Spam after Employee Account Breach

The cloud storage service Dropbox said Tuesday that the increase in spam e-mail sent to users last month was directly related to an employee account compromise.

"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Dropbox's  Aditya Agarwal in a blog post.  "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."

The spam featured advertisements for an online gambling site aimed at European users written in English, German and Dutch.

In response to this recent breach, the company announced that it has begun implementing new security features into its service.

The first, coming in the next few weeks is a two-factor authentication process that will require two proofs of identity when logging in. This can be something like a user's password and a code sent to the user's cell phone, according to the company.

The company will also be adding a feature that will notify users if "unusual" activity on an account occurs, a new Web page where users can view all logged activity on an account and Dropbox will require users to regularly change their passwords.

Agarwal said that that along with these security additions, users must remember to always adhere to safe online practices.

"At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use," said Agarwal. "Though it's easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk."

Last week's breach marks the second time in a little more than a year that Dropbox had been hit by a security breach. Last year an estimated number of 100  customer accounts were exposed for a few hours, allowing anyone to access them without a valid password.

About the Author

Chris Paoli is the site producer for and


  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

  • Microsoft Suggests Disabling Old Protocols with Exchange Server 2019

    Exchange Server 2019 with Cumulative Update 2 (CU2) can help organizations rid themselves of old authentication protocols, which constitute a potential security risk.

  • Microsoft Previews New Edge Browser on Windows 7 and Windows 8.1

    Microsoft announced this week that it has released previews of its Chromium-based Microsoft Edge Web browsers for use on Windows 7, Windows 8 and Windows 8.1 systems.

  • Exchange Server June Cumulative Updates Arrive, But with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.