A few days ago, many Dropbox users received an email prompting them to change their passwords if they hadn’t done so since 2012. What appeared at the time to be a “preventative measure” now seems to have been a response to a leak of account info that occurred that year. To be exact, 68,680,741 accounts may have been exposed, including email addresses and encrypted passwords. Some of those passwords may be recoverable because they were protected with a weak hash, which was later changed for users who reset their password.
All of this has come to light after lots of users started getting spam on their associated email accounts or noticing logins from places unknown to the account owner. This, together with what seems to be illicit access using Dropbox login details, makes one think that the situation is much worse than it seemed at first.
If you’re one of those who haven’t changed their password in all this time, you’ll have no choice but to update it. And if this password is the same one you use on other services, you should be even more worried (also STOP DOING THAT) and review the security of all your important accounts. To check if your account was affected by this leak (or others that took place on different services in recent years), pages like this one can tell you if you’ve been the victim of a hack.
More information | Hispasec Blog