Dropbox in password reuse security breach
Reuse of the same password across multiple sites resulted in Dropbox accounts being compromised.
Dropbox has admitted that a number of customers have been spammed following a breach of its infrastructure that led to several accounts being compromised.
The cloud storage provider said that it was made aware of the breach when account holders reported receiving unwanted messages in email accounts used only for Dropbox communications.
The company said in a blog post that it had taken action to investigate the claims.
"A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox. We've been working hard to get to the bottom of this, and want to give you an update," said Aditya Agarwal, vice president of Engineering at Dropbox.
"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts."
The company confirmed that several other accounts were also compromised after an employee's Dropbox account was hacked.
"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said the company.
"We believe this improper access is what led to the spam."
Dropbox apologised for the breach and said it would now put additional controls in place to help make sure it doesn't happen again.
The company has now reset affected customers' passwords and will implement two-factor authentication, including temporary codes sent to mobile phones at sign-in.
It also plans to introduce automated mechanisms to help identify suspicious activity, and said it would continue to add more of these over time.
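The sign-in pattern the article describes (credentials stolen from other sites replayed against a different service) has a recognisable shape in authentication logs: one source trying many distinct usernames with a high failure rate, with the occasional success where the victim reused a password. The script below is an added example of the kind of automated check mentioned above; it is not Dropbox's code. It assumes a constructed `timestamp ip user result` log format and illustrative thresholds, and it returns, per flagged source, the accounts that were successfully entered, which is the list a defender would reset and notify.

```python
"""Heuristic detector for credential-replay sign-in activity.

Added example, not Dropbox's code. Assumes a simple
'timestamp ip user OK|FAIL' log line format and thresholds chosen
for illustration (min_users, min_failure_ratio).
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log: 203.0.113.7 walks through many different accounts
# with mostly failures (credentials stolen elsewhere being tried here),
# while the other two sources behave like ordinary users.
SAMPLE_LOG = """\
2012-07-31T10:00:01Z 203.0.113.7 alice@example.com FAIL
2012-07-31T10:00:02Z 203.0.113.7 bob@example.com FAIL
2012-07-31T10:00:02Z 203.0.113.7 carol@example.com OK
2012-07-31T10:00:03Z 203.0.113.7 dave@example.com FAIL
2012-07-31T10:00:04Z 203.0.113.7 erin@example.com FAIL
2012-07-31T10:00:05Z 203.0.113.7 frank@example.com OK
2012-07-31T10:00:06Z 203.0.113.7 grace@example.com FAIL
2012-07-31T10:00:07Z 203.0.113.7 heidi@example.com FAIL
2012-07-31T10:05:00Z 198.51.100.20 alice@example.com OK
2012-07-31T10:06:00Z 198.51.100.21 bob@example.com FAIL
2012-07-31T10:06:05Z 198.51.100.21 bob@example.com OK
"""


@dataclass
class SourceStats:
    """Per-source-IP counters accumulated while scanning the log."""
    users: set = field(default_factory=set)      # distinct usernames tried
    attempts: int = 0                            # total sign-in attempts
    failures: int = 0                            # attempts that failed
    successes: list = field(default_factory=list)  # usernames that got in


def parse_line(line: str):
    """Split one constructed log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result == "OK"


def analyse(log_text: str, min_users: int = 5, min_failure_ratio: float = 0.5) -> dict:
    """Return {source_ip: [accounts successfully entered]} for sources whose
    behaviour matches credential replay: many distinct usernames tried
    and at least min_failure_ratio of attempts failing.

    A normal user mistyping their own password never reaches min_users,
    so that case is not flagged.
    """
    stats: dict = defaultdict(SourceStats)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ip, user, ok = parse_line(line)
        s = stats[ip]
        s.users.add(user)
        s.attempts += 1
        if ok:
            s.successes.append(user)
        else:
            s.failures += 1

    findings = {}
    for ip, s in stats.items():
        if len(s.users) >= min_users and s.failures / s.attempts >= min_failure_ratio:
            # Accounts that were actually entered from this source are the
            # ones to reset, notify, and review for subsequent activity.
            findings[ip] = sorted(set(s.successes))
    return findings


if __name__ == "__main__":
    for ip, accounts in analyse(SAMPLE_LOG).items():
        print(f"{ip}: credential replay suspected; accounts entered: {accounts}")
```

The two thresholds are the whole policy: `min_users` separates a source spraying a list of stolen accounts from a single user fumbling their own password, and `min_failure_ratio` separates replayed credentials (most of which will not match on a site where they were never set) from a shared office address with many legitimate users. In production the same counters would be kept in a sliding window rather than over a whole file, and the flagged accounts would feed the password reset and notification step described above.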
Neil Cook, chief technology officer of security company Cloudmark, said that the breach was "unsophisticated".
"The offending messages were hitting a handful of spammy fingerprints at once," he said. "If this were an exam, the spammer would receive an 'ungraded' mark for lack of message complexity or originality."
Cook added that recent data from Cloudmark's Global Threat Network found that there were 264 different domains in use by this spammer.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
