Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Update: 10/14/2014 12:30am PT
A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.
Users in Reddit have claimed that multiple credentials were working at the time of the Reddit site posting.
Ironically, shortly before the Reddit posting, Edward Snowden stated in a Google Hangout session with Jayne Mayer for the New Yorker Festival,
We’re talking about encryption, we’re talking about dropping programs that are hostile to privacy, for example Dropbox. Get rid of Dropbox. It doesn’t support encryption, it doesn’t protect your private files. And use competitors like SpiderOak that do the same exact service but they protect the content of what you’re sharing.
Same thing with companies like Facebook, companies like Google. They’ve made strides to increase the security of their programs and they’re getting better than they have been, but they’re still not safe. These are dangerous services.