An attacker used a collection of illicitly obtained usernames and passwords to infiltrate a number of Dropbox accounts, including one belonging to a Dropbox employee. The company s admission follows a series of customer complaints earlier this month that email addresses they used only for Dropbox were being targeted by gambling and casino website spam. The San Francisco-based company also announced plans to implement two-factor authentication where users log-in using their password and a code sent to their phone over the next few weeks.
Source: https://threatpost.com/dropbox-blame-breach-recent-spam-080112/76871/