Yesterday, a cache claiming to hold Dropbox passwords was dumped onto the net, leading many people to speculate that the company had suffered a breach. Dropbox, for its part, has said that the logins didn’t originate from its service, and that any affected passwords have already been reset.
According to a blog post from the company, the passwords originated from other services, and attackers then decided to try them on Dropbox. People concerned that they might be affected by the breach should make sure that their Dropbox password is unique. Other than that, what you do depends on how much you trust Dropbox’s own security systems.
At the very least, it’s worth it to take the next step and set up two-factor authentication for Dropbox. That way, even if your password gets taken, an attacker would still need a code generator keyed to your account in order to get in. Dropbox has instructions on how to set up two-factor here, and people can find other services that use two-factor authentication here.