The news spread on Dropbox' online forum, as many users who claim to have used a unique email address to subscribe to the cloud storage service say that they have been receiving several of the aforementioned emails, written in English, German and Dutch.
H Security speculates that the maybe the spammers simply tried to send emails to email addresses that can be easily guessed, such as firstname.lastname@example.org, and got lucky with some of them. The theory seems to hold water, as many users who have not used unique email addresses have not received this spam.
On the other hand, how is it that only European users were targeted?
"I don't get it... does Dropbox segregate users from different countries? I'd imagine if this was a breach, everyone would be getting these spam mails, NOT JUST European(German mainly) users," commented one user.
As more and more users pipe up to share their experience with this spam run and offer different theories, Dropbox has not shared what it already knows - if anything.
A Dropbox employee stated on the forum that the company continues to investigate the situation and that apart from its own internal security team, Dropbox has also engaged a team of outside experts to look into the matter.
"While we haven’t had any reports of unauthorized activity on Dropbox accounts, we’ve taken a number of precautionary steps and continue to work around the clock to make sure your information is safe," he wrote, and added that a recent 20-minute site outage was "incidental and not caused by any external factor or third party."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.