First, the good news: the scale of the attack affected “fewer
than a hundred accounts” out of Dropbox’s 25 million total
users. But according to the letter, those accounts were all
accessed by a single individual. In other words, these weren’t
accidental logins due to typos — someone discovered the hole and
actively used it to access files that were not theirs. That’s
obviously very alarming.