On Thursday, a post appeared on the security blog WNCInfosec claiming that private text files uploaded to Dropbox were being read without users’ permission.

The Infosec user, who posted under the name vintsurf, said that they made the discovery while beta testing a new web application called HoneyDocs. Essentially, HoneyDocs allows users to create files that “buzz home”—in other words, notify the file’s creator—when they are opened.

In an attempt to see whether Dropbox files were really kept private, the user uploaded a trove of documents with different file extensions, and found that those with .doc extensions were being accessed. Since only text-containing documents were opened, vintsurf ruled out the idea that the intrusion was the result of an automated malware sweep of all files uploaded to Dropbox.

“All in all, I made three attempts to upload embedded documents and all appeared to be opened,” vintsurf wrote. “I’d like to know why.”

The curious result comes on the heals of a series of leaks by former U.S. National Security Agency contractor Edward Snowden revealing the agency’s massive online spy operations.

In the surveillance program known as PRISM, the agency collects private user data from nine Silicon Valley tech giants including Facebook, Google, Yahoo, Microsoft, and Apple. On one PRISM document taken by Snowden, Dropbox was apparently listed as “coming soon.”

“We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy,” a Dropbox spokesperson told The Verge when the PRISM news first broke.

Update: A spokesperson for Dropbox told the Daily Dot: “Dropbox allows people to open and preview files from their browser. This blog post relates to backend processes that automatically create these document previews, making it easier for people to view docs within their Dropbox.”

Photo by Mark Crossfield/Flickr