Photos and login credentials apparently leaked from third-party sites or apps that piggyback on these services.
The end result, if you used any of these 3rd party apps, still put you at risk.
Which is why very few (if any) of my passwords are shared between "services", and I never "Sign on from xxx". It's just not worth the risk. I'm trying to remember the security expert who had all his Apple i-stuff raped by (I think) Anonymous: he had everything linked. He couldn't even phone up from his iPhone, as his "Secret Questions" had been reset! IIRC, Amazon was involved at some stage, and had a lot of explaining to do. BUT: this fellow was the chief culprit, for linking everything.
A-a-a-n-d, I have CryptoPrevent to save me from CryptoLocker & clones
Reminder to self: upgrade every 1st-of-the-month!!!!!!
...and use two-step verification
I had a look at the recommendations, but how kludgy! The biggest problem is time. It's going to take some minutes to get the SMS from DropBox, while you've got the log-in screen open and ditto but much longer for the email. I've often waited up to 30 minutes for some "activation" emails to get back to me... My bank gave us this little gizmo that flashes up a number or something and gives you 36 seconds to get it into the form field with your log-on. So the time factor is eliminated. And--of course--it's a different number each time.
Gordon.