At Technology Personalized, we can confirm that some of the accounts were indeed real and we could authenticate to Dropbox servers with a couple of account details. Since then, Dropbox seems to be forcing the account holders to do a password change for around 1250 accounts already leaked by the hacker. Sadly, this isn’t the first time Dropbox has been hacked. The popular cloud storage service had previously introduced 2-factor authentication for improved security, and it appears not many users bothered to enable it. If you haven’t done that yet, make sure you go back and enable two-factor authentication right away. You can enable 2-factor Authentication by logging into Dropbox, clicking the drop-down in the upper right-hand corner, choosing Settings, then the Security tab, and clicking “Enable” next to “Two-Step verification”. If you are one of those users who use the same password on multiple sites, you might like to change the password on other services as well. Update: Dropbox has said in a statement that it is not to blame for the leaked passwords and that these were stolen from other services: So it appears that the hacker has used the stolen passwords from previous hacks (of Yahoo and others) and matched it with Dropbox usernames.