Unknown individuals have already published 400 user account logins and passwords - which appear to be legitimate - to online forum Pastebin as a "teaser".
The authors claim in a post to have accessed account log-ins and passwords as well as users' photos, videos and other files stored in their Dropbox accounts and have threatened to release a full set of 6.9 million details they claimed to have compromised in segments unless they receive an unspecified amount in bitcoins.
"Come back and check Pastebin for new Dropbox drops. The more BTC (ie, bitcoins) donated will reflect how many more login and passwords are released public," the post said.
Dropbox scrambled to respond saying the credentials posted so far had been compromised via a third-party application in an earlier incident.
"These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts," a spokesperson said.
"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."
Dropbox has previously offered two-factor authentication to allow users to confirm a log-in attempt with a temporary code sent to their phone in the months following a security incident in 2012.
Users can activate two-factor authentication on Dropbox by selecting the "security" tab within the settings option in their account.