Dropbox has confirmed some account names and passwords have been stolen.
It was alerted after users started complaining about spam they were receiving to email addresses used only for their Dropbox accounts. It started an investigation, and found usernames and passwords stolen from other websites were used to sign in to "a small number" of Dropbox accounts.
One stolen password was also used to access an employee Dropbox account, which unfortunately contained a documents revealing user email addresses. Hence the spam.
Most of the people affected are from the UK, Germany and Holland.
New security measures
Dropbox has apologised for the breach, and has announced some new security measures to keep users safe.
Two-factor authentication requires you verify your identity by two methods, such as a password as well as a temporary code sent to your phone. So belt and braces. It'll be rolled out in a few weeks.
The company will also launch new automated mechanisms to help identify suspicious activity, and a new page that shows you all logins to your account. So they should spot any fishy goings-on.
It says it may also ask users to change their passwords from time to time.
It reiterates to stay safe you should use a different password for every website, to prevent one hack compromising all your activity online.
If you're having trouble keeping track of all your passwords, it suggests checking out 1Password, which keeps a tab on everything. As long as that isn't hacked.
Article continues below