I believe the actual problem was that a user was less that careful with their own account details and allowed others to gain access. Once in to that person's account they were able to get that person's files, one of which contained their contacts email addresses and other data.

Dropbox and many other sites have always promoted password safety. Basics such as not to leave your laptop open and accessible where someone (a co-worker?) might take advantage of it. Do not use easy to guess passwords. Do not use the same password on different sites.

They, and other similar sites suggest that sensitive data should be encrypted before uploading.

Basic common sense really.