InformationWeek: After a two-week investigation into reports of increased spam among Dropbox users, the company has determined that attackers stole an unspecified “small number” of user account names and passwords. “We’ve contacted these users and have helped them protect their accounts,” said Dropbox’s Aditya Agarwal.
Apparently, the attacker was able to gain access to the information because of an internal password-reuse problem. “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses,” said Agarwal. “We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.”
Security experts say that the best way to protect yourself against attacks like these is to use a different password for every service and to encrypt any information stored in the cloud.