Some Dropbox users started complaining that they had received spam to accounts created and used solely for Dropbox. Claims of spam sent to users started to mount and, as Dropbox didn’t sell this user information, the first thought on everyone’s mind was that Dropbox had been compromised and user information was taken. The worry there was how much user data did they possibly get their hands on. Dropbox’s own access to user data has been a touchy subject, let alone nefarious hands that may have found their way into the popular remote storage provider. Receiving spam isn’t, necessarily, definitive proof of a leak but an independent party was hired to look and find any problems. They found one.
In late August, Dropbox announced in a blog post that an employee’s account was compromised and a file containing e-mail addresses was taken. How much data was in there, or what other files might have been accessed is unsure. If you have a Dropbox account that uses the same login credentials as another site, we highly recommend you change your password.