Earlier this month, Various Dropbox users began reporting that they where getting spam to addresses they where online using for Dropbox’s online storage and syncing services, which has now been confirmed from Dropbox themselves, who have stated that it hadn’t in fact been hacked but this issue was due to a “small number” of stolen user passwords from other sites.
What has this got to do with the spam? Well one of those user passwords happened to belong to a Dropbox employee’s folder which contained a number of user email addresses.
The fact that Dropbox has in no way, encrypted these lists of user emails is quite worrying and is defiantly something that should be fixed real soon, Dropbox does say that it will be increasing security across its site, the biggest of which is an optional two-factor authentication system, which will only allow someone to access your account with the second temporary code sent to their phones.
They have also introduced a new page that will let you view all of active logins to your account, they will also be asking you to change your password if it hasn’t been changed in some time.