If you have been getting more spam than usual, Dropbox may be the culprit. Recently, in mid-July, some Dropbox users have reported that they have been receiving spam in their email accounts that is only for Dropbox use. Now, the company has admitted that there was a security breach in the company.
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts. [Also,] a stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.
As of right now, the company has contacted to those users who were affected by the breach recommending them to watch their accounts and change their passwords.
Although there was a security breach in the company, the service was not hacked. Though the company was not hacked, it is concerning that the lists of Dropbox registered emails were stored without encryption.
The recent incident has caused Dropbox to tighten up their security. Dropbox said that in the coming weeks they will add in two factor authentication, monitor suspicious activity, a new page to monitor all logins into the account, and (in some cases) request users to change their passwords.
Even though Dropbox has been breached, the service is used by many people and organizations. Dropbox recommends users to set a unique password and use tools like 1Password to help remember those passwords.