Dropbox users are again complaining about receiving spam at the email addresses they have registered with the service and blaming it on the data breach the popular storage service suffered last year. Users say they believe their email addresses were sold to a spammer. The messages appear to be a classic phishing attack concerning a fake financial transaction.
“Please be informed, that your most recent Direct Deposit transaction (No.243358739579) was cancelled [sic], because your business software package was out of date,” the spam said. “Please visit the secure section of our web site to see the details.”
Dropbox is again denying responsibility. They initially denied responsibility for last year’s incident as well, but an independent investigation revealed that an employee had fallen for a phishing email and turned over his login info to a cybercriminal, who used them to steal a document containing user emails. While Dropbox insists they haven’t detected any suspicious activity on their servers, they promised to conduct another investigation. It’s not clear if the people who got the spam last time are the same people who got the most recent one. If they are the same, it’s likely the scammer sold the info to another scammer.
Are you are Dropbox user who has received spam at your Dropbox registered email address? I’ve been a Dropbox user for years but to my knowledge haven’t received any spam like the one quoted above. It’s possible my ISP nuked it before it got to me though. Do you think they are covering up a serious issue or is it really just a coincidence? Leave a comment and let us know what you think!