Several weeks ago, reports started to trickle out that a number of Dropbox users were under attack from spam. Since then, Dropbox has been investigating those attacks (with some help from a third-party) and today gave the first update on the progress, saying that some accounts were indeed accessed by hackers, but that it is now adding two-factor authentication and other security features to prevent further problems.

For some background: On July 17th, a number of Dropbox users begun noticing an increase in the level spam attacking their accounts. As Sarah reported at the time, the red flag appeared when users begun reporting that the email accounts receiving spam were in fact only tied to their Dropbox accounts, which indicated that the address leak had come from Dropbox itself. Many of those reports came from the company’s international users, including Germany, the U.K. and the Netherlands.