Early Thursday, Dropbox user Forrest Fmade an exceptional claimon Dropbox's support forums: "You guys leaked or gave out my email. Why?"
Forrest, it turns out, had employed a trick common among cautious internet users — he used a unique variation of his email address, otherwise known as an alias, whenever he signed up for a new service. That way, the thinking goes, he could see if any companies he trusted with his information weresharingit. If spam arrived in his inbox, he could see that it was sent to an alias, and track it back to its source. Recently, he started getting spam — and it came from his Dropbox address.
A moderater quicklyaddressedthe claim, saying that Forrest likely hadn't been hacked. "A lot of spammers try hit and miss techniques," he wrote "and you're likely just a random victim rather than a whole mass leak of tons of DB users' emails."
Forrest didn't buy it — "I have several emails set up with several sites some for even a few years. But someone, somehow, figured out just this one. Amazing."
"Right," the moderator said, "That's essentially what I was saying. It was a random guess. Dropbox doesn't give away emails like this."
But then, what started as a single user complain quickly snowballed. Complaints came rolling in, and many confirmed that email addresses used only with Dropbox had started receiving spam"