“Several weeks ago, reports started to trickle out that a number of Dropbox users were under attack from spam,” Rip Empson reports for TechCrunch.

“Since then, Dropbox has been investigating those attacks (with some help from a third-party) and today gave the first update on the progress, saying that some accounts were indeed accessed by hackers, but that it is now adding two-factor authentication and other security features to prevent further problems,” Empson reports. “The company (via Dropbox’s VP of Engineering, Aditya Agarwal) said in a blog post that its investigation found that the usernames and passwords were in fact stolen and were stolen from third party websites, which were then used to sign in to ‘a small number of Dropbox accounts.’ The company did not cite numbers specifically, so it’s not clear exactly how many accounts were accessed, but the company did say that it has contacted those users and is helping them to further protect their accounts.”

Empson reports, “The company also said that one of those stolen passwords was used to access a Dropbox employee’s account, which contained a project document with user email addresses. The company believes that “this improper access is what led to the spam.” The company also apologized and said that it has ‘put additional controls in place to help make sure it doesn’t happen again.'”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]