In mid-July, Dropbox users reported receiving spam in email accounts created exclusively for the service. The company has admitted that the problem was the result of a security breach. A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. Over the next few weeks, you can expect to see the option of using a two-factor authentication process, as well as the ability to examine all active logins to your account. It’s another sound reminder that you should use a separate, strong password for each website.”]
Source: https://gizmodo.com/dropbox-admits-spam-was-due-to-security-breach-5930752

