Update: Dropbox claims that they were not, in fact, hacked, citing third-party sources for the list of compromised accounts. A subsequent list of usernames and passwords which was posted online has since been verified by the company to not be associated with Dropbox accounts.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Dropbox has been reportedly hacked, with the username and plain text password combinations of at least 400 users uploaded to Pastebin as a "teaser" for a larger release of information.
The total hack allegedly comprises of the information of 6.9 million users, which is a small subset of Dropbox's 200+ million user base. Nevertheless, this hack is concerning for users of the service, who expect that their personal files including photos and videos are safe.
At this stage it's not clear who is responsible for the hack, or whether they do in fact have the account details of 6.9 million users. Some people have tested the information already published and can confirm it is genuine, however the release could be an elaborate scam to pry money from those with malicious intent.
Whoever released the current set of information is asking for Bitcoins to release more. Whether or not a further release will occur remains to be seen.
Regardless of whether the hack is real or a scam, to be on the safe side we advise that you log in to your Dropbox account, change your password immediately, and enable two-factor authentication.
Dropbox is already aware of this security breach, and are forcing password resets for all users who have their information exposed on Pastebin.