Dropbox brings easier file sharing and notification to updated desktop client

dropbox. meh. yet another company not taking responsibility for their security breaches. at the very least, their email list has been compromised and they're sloughing it off as something that happened nine months ago. whenever i establish a relationship with a vendor who requires an email address from me, i give them an email address unique to just them. i give that email address to no-one else and, in most circumstances, i will never send an email _from_ that email address. that is exactly what i did with dropbox. i signed up for a dropbox account almost a year ago, on march 21, 2012. i immediately received the standard "welcome" email. over the course of the next nine months i received exactly three additional marketing-type emails from them. then i started getting spam/phishing emails. on 19-feb-2013 i received an email saying my direct deposit had been disallowed; on 26-feb-2013 i received an email indicating new security was being put in place for ACH and EFT transactions; and on both 27-feb and 28-feb-2013 i received an email asking me to join a linkedin account. all four emails were phishing emails. since i have never shared that email address with anyone, since i had never sent any email _from_ that address, and since the emails were all phishing emails, then one of three things has happened: - dropbox sold, gave away, or otherwise shared my information with one or more dubious with parties. - someone hacked dropbox's systems and stole my information. - dropbox has one or more rogue employees who is using customer information for their own benefit. they say that it's because of a[URL=https://blog.dropbox.com/2012/07/security-update-new-features/] breach they had in july of 2012[/URL] but i find that hard to believe ... i don't think the spammers would wait nine months to start sending me spam, and i don't fall into either of the two categories that the dropbox blog entry says their compromised users fall into. and they say that only after weeks of badgering them to get a response. dropbox. meh.

I understood spammers make up email addresses. No problem that many or most won't exist, they just bounce. Any that don't are thereby validated and added to their list for repeated use. If you have the means, check for email sent to non-existent users email addresses at your domain, you'll find there there's plenty for all sorts of made up users that you never gave to anyone.

   I have a Dropbox account linked to an email created just for such occasions (NOT gmail).  It's used for a handful of other services as well and never sees much spam and never had a phishing email in a year and a half.   Barely ever anything there except what's supposed to be.  Google, Facebook and Yahoo make any DropBox security issues look like peanuts.  

[quote name="dangermouse" url="/t/156428/dropbox-brings-easier-file-sharing-and-notification-to-updated-desktop-client#post_2292113"]I understood spammers make up email addresses. No problem that many or most won't exist, they just bounce. Any that don't are thereby validated and added to their list for repeated use. If you have the means, check for email sent to non-existent users email addresses at your domain, you'll find there there's plenty for all sorts of made up users that you never gave to anyone.[/quote] yes they do make them up/guess them, and i look at my mail server logs all the time and can see the rejects. the email addresses i provide to vendors are in the form of some_long_random_string@some_random_subdomain.example.com, the email address is the only address in that subdomain, and so it would take quite a bit of guessing to guess the addresses. i've been running my own mail and dns servers for over a decade now and my scheme has served me very well in preventing unwanted email. as a matter of fact, the only vendor related spam i've received has been when there's been a security breach at a vendor ... it started with ameritrade in 2007 and there have been a couple every year since then. i don't believe it's a good guesser that caused me to start getting spam at this address, i believe it's a dropbox security issue.