In a blog post, Dropbox said that a password of a compromised account was “used to access an employee Dropbox account containing a project document with user email addresses.”
The email addresses were definitely revealed but there was no indication whether passwords were revealed or not. Hackers turned to spamming these email accounts.
Some Dropbox customer reported that their accounts were hacked. But, this has nothing to do with what happened at Dropbox. The cloud storage company further went on to say that “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts”.
Dropbox has already started working on enhanced security measures and that it will be providing optional two-factor authentication service. Further it will also provide users will new page whereby they can view all active logins to their accounts and is going to setup a “new automated mechanisms to help identify suspicious activity.”