The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, March 11, 2013

Name and Shame -- Dropbox leaks my email

Based on a tip from John Levine's blog, I went back and looked at my own spam filter. Turns out that I've received two spams in the last month to the tagged address I gave to Dropbox when I opened my account there.

Did they sell their mailing lists, or were they stolen?  I don't really care; they had a duty to keep that information away from spammers and they failed. Frankly, I would have hoped for better security from a company to whom people trust their personal data.

Well, the primary lesson here is that you can't trust the cloud. If you're putting personal stuff up on Dropbox or any other cloud service, make sure you encrypt it at your end first.

News: Dropbox users report spam emails after last year's data breach. (ZDNet)

Relevant articles: How to encrypt your cloud storage for free (PCWorld), How To Add a Second Layer of Encryption to Dropbox (LifeHacker).  Executive summary:  Use TrueCrypt (or any other crypto software) to manually encrypt your files before uploading them, or BoxCryptor (Windows, Mac, iOS, Android) as a front end to DropBox, Google Drive, or any other cloud provider.

Edited to add: see also Spideroak, which does encryption at your end:


Anonymous Anonymous said...

Definitely the case. Using spamgourmet here for things like that and that makes it pretty easy to determine where the spam comes from. +1 for encrypting your stuff. Or better still, setup your own storage.
I'd advise everyone to use spamgourmet for everything beyond mail to family & friends. I get a lot of spam from all the tagged mail addresses I have given out. dropbox sadly is not just one exception to a perfect world.

12:58 AM  

Post a Comment

<< Home