Others agreed that . "Dropbox has had a checkered history with security, but perhaps this was the wakeup call they needed," Chester Wisniewski, senior security adviser for Sophos, said in an interview via email.

Dropbox has said it will beef up security in light of the breach. The company soon plans to introduce a number of new controls, including two-factor authentication in which a temporary code would be sent to a user's mobile phone.

Other security upgrades include a new page that shows logs of user activity and other automated mechanisms for identifying suspicious activity. Dropbox may also start prompting users to change passwords that have been in use for a long time.

While Dropbox's security plans are likely to be welcomed, the bigger problem for businesses is that workers use such cloud-based services -- without a corporate okay -- to store sensitive documents that could violate compliance laws or internal data privacy rules, Kindervag said. Dropbox would not be the place to store such information, because the site doesn't provide businesses with adequate levels of control, such as auditing of data and tracking who got the information and what was done with it.

"While I certainly understand that users often feel like they need to do things to get their job done, they need to think about the security implications," Kindervag said. "Dropbox, from my perspective, is a very consumer kind of solution."