It seems that Dropbox, file-syncing Cloud service, has had a breach.
According to their blog, “…usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.” They have already contacted affected users and have assisted in protecting their Dropbox accounts.
Aside from that, one of the stolen password was used to access a Dropbox employee account which had a project document that contained user email addresses.
We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.
After the breach, Dropbox implemented stronger security such as:
- Two-Factor Authentication will be implemented within the coming weeks to provide additional security aside from your password such as an authentication code sent from your smartphone.
- New Active Log-in Page, which is already up, lets you monitor which devices and browsers have been using your Dropbox account.
- New automated mechanisms that identifies suspicious activities.
Source: Dropbox Blog