In an eerie echo of a data breach that occurred over the summer, Dropbox users have reported receiving spam at email addresses they use exclusively for the cloud storage service, starting about two days ago.
A handful of users have reported similar incidents to Dropbox. Several say the spam they have received appears to come from PayPal.
The spam mail suggests that the addresses could have been obtained from Dropbox itself, raising the question of whether passwords or user files could also have been compromised.
Dropbox says it believes the emails were obtained last summer and do not point to any ongoing security issues.
“We’ve been looking into these spam reports and take them seriously. Back in July we reported that certain user email addresses had leaked and some users had received spam as a result. At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies,” said a company statement.
The recent spam could result from a recent sale of some of the addresses obtained this summer.
Users also wondered the emails could have stemmed from an incident last week in which hackers obtained information about users of Tumblr, Twitter and Pinterest through support service provider Zendesk. Dropbox uses Zendesk to handle email support, according to Dropbox forums moderator Nathan Cheek.
Whatever the cause, the incident reveals how sticky security issues have become.