If you haven't activated two-factor authentication on Dropbox yet, you may want to do so now, just in case you end up finding your credentials posted on the internet. A document posted on pastebin earlier contains 400 Dropbox usernames and passwords, which the poster claims are just a tiny fraction of a massive hack that compromises up to 7 million accounts. The poster has been asking for Bitcoin donations in exchange for more accounts, and by the looks of it, he got enough money, at least, to post another batch of log-in credentials within the same day. At the moment, it's still unclear how the hacker(s) got a hold of the usernames and passwords, but the cloud service told Engadget that Dropbox itself has not been hacked.

Update: Dropbox again stated that it has not been hacked, this time in a blog post, and says security measures are in place to detect accounts compromised with log-in info stolen from other sites.