In a blog post yesterday (July 31), the company admitted that a stolen password was used to access an employee Dropbox account containing a project document detailing user email addresses.
Dropbox feels that this improper access is why some users of the service reported receiving spam over the last couple of weeks at email addresses that they used only for Dropbox.
A deeper investigation revealed that usernames and passwords were recently stolen from the website and used to sign into a "small number" of Dropbox accounts. These people have now been contacted by the firm and offered advice on how to protect their account details.
The company also claims that it has "put additional controls in place to help make sure it doesn't happen again".
"Keeping Dropbox secure is at the heart of what we do, and we're taking steps to improve the safety of your Dropbox even if your password is stolen," said the firm.
The company is also working on a new automated mechanism to help identify suspicious activity, along with a page that enables users to examine all active logins on their account.
Dropbox will also proactively encourage users to change their password if, for example, it is a commonly used term or has not been changed for a while.
"At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use," said the firm.
"Though it's easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk. Tools like 1Password can help you manage strong passwords across multiple sites."
Last week, Dropbox announced that it had added support for OS X Mountain Lion, Apple's new Mac operating system, which generated 3 million downloads in just four days after its release.