A couple weeks ago, Dropbox started receiving emails from some of their users about spam being receiving at email addresses only used for Dropbox. Yesterday Dropbox announced it had confirmed a recent security issue with its service. After an internal investigation it was found that username and passwords stolen from other sites were the culprit.
Furthermore, a stolen password was also used to access the account of a Dropbox employee containing a project document with user email addresses. They believe this improper access is what led to the spam. Dropbox has publicly apologized about this, and has put additional controls in place to help make sure it doesn’t happen again.
As always, it is highly recommended to use unique passwords for each site you have an account with. This can greatly reduce your personal vulnerability during these types of system breaches, even with trusted services.