We both agree on two points: they need to do something about their support forum, and they don't definitely have a technical problem with their site/code/security.
They do seem to have a customer expectation and privacy problem though. If, as described by enough forum posters for it not to be a coincidence, email accounts created just for Dropbox's service and which are not trivially guessable are getting spammed - then Dropbox has somehow leaked customer data that customers had expectations of being private. If that were me, I'd consider myself to "certainly have a problem" - whether that problem is "my user database just got exposed via an SQLi attack", or "my contract with my newsletter emailing partner or customer support software service wasn't well thought through enough and they've used my clients' email addresses without my/their permission".
While I agree that a 3rd party (or even a 3rd party app) uploading their address book is beyond Dropbox's control - that doesn't seem likely to be the cause from my reading of the first few pages of that forum thread this morning - I doubt the sort of person who creates "username.dropbox@example.com" style email addresses for Dropbox is likely to then add that address into a contact list where Facebook or Instagram style contact-mining apps are likely to find them.
It'll be interesting to see this as it pans out - I'm reasonably sure Dropbox or one of their partners (I'd put a small wager on Zendesk) or some malware targeting their client app is "leaking" usernames/emails.