Dropbox says reused passwords are to blame for a wave of spam that’s hitting subscribers to the service. The company found that usernames and passwords recently stolen from other websites were used to sign in to some Dropbox accounts. One of these accounts belonged to a Dropbox employee, and it contained a project document with some users’ email addresses. This improper access led to the spamming of many users, Dropbox said. The company has taken various steps to improve security, including the coming introduction of two-factor authentication.