Hacker News

I'm still getting almost daily phishing/malware from the Mt Gox leak in 2011, and I never even signed up for anything more than to see what its interface was like. Can't imagine how that will be with people having copies of passports (supposedly).



My spam folder is also full of, well, spam addressed to the email address I supplied to Dropbox (and only Dropbox) when I first signed up there sometime in 2011 and later leaked (I think 2012).

Sometimes I wish data privacy laws were stricter, but it appears that not even financial services laws are sufficiently strict, as just demonstrated here.


Please contact Dropbox support about this. My vendor-tagged address leaked on or before 3 Feb 2014, as that's when I got the first spam. I'm currently in the middle of persuading them that they have a security issue, and more people expressing the problem would be helpful.


The spam to mine goes back to at least March 2013 (yeah, I like to keep spam, makes it easier to train filters later on…), possibly earlier, so I don’t think that it is a recent leak.

I have stopped using Dropbox shortly after receiving the first such spam email, so I cannot comment on more recent leaks.


Pretty much what mine is too, a pile of spam from various compromised services I should have done better than to trust. Mt Gox, Dropbox, Bitstamp (yeah, they never made a big mention of that one) and a variety of other small services.


> Sometimes I wish data privacy laws were stricter

I think the laws and awareness are good enough atm, but no laws and probably no amount of knowledge or auditing will stop a data leak from inadvertently occurring.


It happens relatively rarely that a large multinational food company poisons half its customers (or so I like to think), hence I would assume that laws and proper auditing can stop such problems.

In summary I have spent at least five to ten minutes (and likely more) on spam brought to me by Dropbox without any compensation. How about a fixed payout of, say, 100€ per leaked detail (username, password, email etc.), payable immediately to each customer? At least companies with bad security would be out-of-business soon.


For those wondering, I finally got an explanation from them. It turns out they had a leak in 2012:

https://blog.dropbox.com/2012/07/security-update-new-feature...

It's surprising to me that my email address took 2 years to be used, but who knows.



