Thousands of Dropbox users had their accounts compromised recently, after hackers stole usernames and passwords derived from external websites used to login to users' Dropbox accounts. The company was alerted of the security breach after users started to complain about receiving spam mails on their email accounts reserved solely for the cloud-storage application. On top of that, it's also reported that an employee's account was hacked into as well. The online thieves made away with a certain "project document", which contains a list of user email addresses, although it's unclear if the document encloses more than what's mentioned.
Aditya Agarwal, Dropbox's Director of Engineering, has this to say on the company's blog: "We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again."
As for affected users, Agarwal states that Dropbox has contacted these users and "helped them protect their accounts". He also added that Dropbox will be implementing a two-factor authentication system (optional) in a few weeks time. The new security measure will require users to sign-in with a password as well as a pass-code sent to users' mobile phones. Other security improvements include a "log page" for users to check all active logins if need be.