For some background: On July 17th, a number of Dropbox users begun noticing an increase in the level spam attacking their accounts. As Sarah reported at the time, the red flag appeared when users begun reporting that the email accounts receiving spam were in fact only tied to their Dropbox accounts, which indicated that the address leak had come from Dropbox itself. Many of those reports came from the company’s international users, including Germany, the U.K. and the Netherlands.
To its credit, Dropbox was quick to respond. Less than 24 hours later, in a message posted to forums, the company said they were bringing in “an outside team of experts” to back up their own security team in the investigation along with help from law enforcement. Today, we received the first round of answers.