If you’re a Dropbox user, particularly a user of Dropbox Sign, be aware that Dropbox has confirmed a data breach with compromised information including login credentials.
a threat actor had accessed data including Dropbox Sign customer information such as email addresses, usernames, phone numbers and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.
You may be thinking, “no big deal, I didn’t have anything valuable on that account, and certainly didn’t store a credit card there!”
But wait.
There is a good chance that the criminal can decrypt your password. Once that’s done, you can be sure that username/password combo from Dropbox Sign will be tried on any site where anything of value might be available.
If you re-use passwords across multiple sites, consider this a wake-up call reminding you that it’s very important to use a unique, strong password on every site.