Email-Address leaked from Dropbox (dropbox.com)
59 points by mjfern on July 19, 2012 | hide | past | favorite | 9 comments



It might be a good idea for large companies like Dropbox--or frankly, anyone storing email addresses--to include a handful of (long, random, unguessable) canary addresses in their user DB which sound a high alarm if they ever receive email.
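A minimal version of the canary idea from the comment above, as an added example (not code from the thread or from Dropbox): mint long random canary addresses, register which dataset each was seeded into, and scan inbound delivery logs so that any mail to a canary raises an alert. The registry entries, the Postfix-style log lines and the domain are constructed for this example; a guessability check is included because a per-service name like dropbox@ is enumerable and so cannot serve as a canary.

```python
import re
import secrets

# Constructed canary registry: each address was seeded into a named dataset and
# should never legitimately receive mail. Values here are made up for this example.
CANARIES = {
    "c4a1e9d2f07b6c3a8e5d1b0f9a2c7e64@example.com": "user-db-2012-07",
    "0b7f3e9a1c5d2e8f6a4b9c0d1e2f3a45@example.com": "referral-table",
}

# Constructed Postfix-style delivery log lines (sample input, not real logs).
SAMPLE_LOG = """\
Jul 19 10:01:02 mx1 postfix/smtp[123]: A1B2C3: to=<alice@example.com>, relay=local, status=sent
Jul 19 10:02:15 mx1 postfix/smtp[124]: D4E5F6: to=<C4A1E9D2F07B6C3A8E5D1B0F9A2C7E64@example.com>, relay=local, status=sent
Jul 19 10:03:44 mx1 postfix/smtp[125]: 789ABC: to=<bob@example.com>, relay=local, status=bounced
"""

RCPT_RE = re.compile(r"to=<([^>]+)>")
COMMON_LOCAL_PARTS = {"dropbox", "linkedin", "info", "admin", "contact", "support"}

def make_canary(domain: str, nbytes: int = 16) -> str:
    """Mint a long, random, unguessable canary address at `domain`."""
    return f"{secrets.token_hex(nbytes)}@{domain}"

def is_guessable(address: str) -> bool:
    """True if the local part is short or a common word (like dropbox@): a poor canary,
    since spammers can enumerate such names without any leak having occurred."""
    local = address.split("@", 1)[0].lower()
    return local in COMMON_LOCAL_PARTS or len(local) < 16

def find_canary_hits(log_text: str, canaries: dict[str, str]) -> list[tuple[str, str, str]]:
    """Scan delivery log lines; return (canary, dataset_label, line) for each delivery
    addressed to a registered canary. Any hit means that dataset's addresses have leaked."""
    hits = []
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if not m:
            continue
        rcpt = m.group(1).strip().lower()  # addresses are compared case-insensitively
        if rcpt in canaries:
            hits.append((rcpt, canaries[rcpt], line))
    return hits

if __name__ == "__main__":
    for canary, label, line in find_canary_hits(SAMPLE_LOG, CANARIES):
        print(f"ALERT: canary {canary} (seeded in {label}) received mail:\n  {line}")
```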


Just two wild guesses from my side, as I don't think that the whole database got compromised:

1. Some accounts got compromised (phishing, trojan, whatever). In those accounts a list of all referral email addresses can be seen. Those addresses have been targeted.

2. The Dropbox application stores information about the email addresses of people you have a shared folder with somewhere on your machine. This data got accessed by some kind of malware. Maybe this information could also be accessed through the web interface of compromised accounts (I am not sure about that).

Even a small-ish number of compromised accounts could lead to many addresses being leaked. I, for example, have about 15 referrals and share folders with about 50 people.


It's not certain that these leaks were FROM Dropbox. These might well be but there is no confirmation of this. This was discussed here a few days ago.

http://news.ycombinator.com/item?id=4255927


Further down the thread, someone just started receiving spam in his dropbox@hisdomain address. I assume that the address was exclusively used for Dropbox...

He receives the exact same spam at his linkedin@hisdomain, which was previously leaked.

A coincidence is always possible, but the timing is suspicious.


If you read the whole thread, there are many people with "dropbox only" e-mail addresses that are being spammed, including some that are claiming that the address does not include the word "dropbox".


Are these people aware of the Rumplestiltskin strategy? dropbox@, linkedin@ both fit that, but what about the other addresses? Unless your e-mail address resembles what's currently considered a strong password, you're going to get spam.


The referral link that these guys followed might be a spammy link just to harvest emails. That's only one of the possibilities.


This has not been confirmed. As Dropbox has stated, they are still investigating.


Hope my spam filter can handle any higher tides that might result from this.



