The user emails are used specifically for the cloud storage service and the breach is rumored to have begun two day ago.
Several Dropbox users say the spam they are receiving appears to be coming from fake PayPal email addresses.
While it appears that the addresses could have been obtained by Dropbox itself, the company has not confirmed the type of breach experienced. Concerns are being raised over the potential breach of customer passwords and user files.
At this time Dropbox says it believes the email addresses were obtained over the summer and that a new breach has not been discovered at this time.
In a company statement the platform heads note:
“We’ve been looking into these spam reports and take them seriously. Back in July we reported that certain user email addresses had leaked and some users had received spam as a result. At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies.”
Oftentimes a hacker will receive access to unauthorized emails and then hours, day, and even months later they will sell off those email addresses for a quick profit.
Interestingly enough Dropbox users Zendesk to handle email support and last week Zendesk admitted that its network was hacked and user info for Twitter, Pinterest and other accounts were hacked.
In any case users should be wary of any emails they receive directly to their Dropbox only email addresses.