"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," Dropbox said.
"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."
After the attack, security measures were taken to improve the security of website. This includes a new two-factor authentication system that requires two types of identity proof, new mechanisms to identify suspicious activity and an activity monitoring page for users to review all activity on their accounts.
Kindly Bookmark it and Share it with Friends: