OK, reality check: All those headlines and stories claiming Dropbox was "hacked" contain a false statement and a misleading omission, making them technically false (consult your local rules of professional responsibility).
Dropbox wasn't hacked. That's the false statement. According to Dropbox, the usernames and passwords posted on Pastebin were login credentials stolen from other services. The thieves then used those same credentials to attempt to log in to Dropbox accounts.
The second statement, which is misleading, is that the hacks aren't even new. Dropbox wouldn't say when the credentials were stolen, but in a statement said the passwords "have been expired for some time now." Dropbox, like every online service provider, has the ability to forcibly expire user passwords, making them useless for logging in. This is a common first line of defense when a provider knows it's been hacked and it prevents thieves from using the stolen passwords.