A Reddit post showed links leading to files with lists of Dropbox user names and passwords and the anonymous hacker requested bitcoin donations, promising more. There is no way to verify whether these are actually Dropbox accounts but in any case, the leak does prove vulnerability of users unless they take steps to protect and change their passwords frequently. The hacker responsible for the leak claimed to have millions of user account names and passwords in his possession
Dropbox, on the other hand, claimed that their services have not been hacked and that users and their passwords continue to remain protected. They claim that the user names and accounts could have been obtained from other sources and could be used with varying degrees of success to hack into Dropbox accounts if the user maintained the same user name and password. There is a strong suspicion that these leaked user names could have expired passwords. In any case Dropbox have taken adequate measures and have notified users to reset their passwords and make it stronger.
It is better to be safe than sorry and in case users have not received any notification, it is still in their interest to change their password.