Dropbox has been in the news recently for security reasons, and now there is some positive news from the company. Earlier it was reported that a bug in the service’s authentication software effectively made passwords optional for around four hours over the weekend — meaning that you could log into anyone’s account simply by entering their user name.
Given what Dropbox is used for — namely, syncing your most important files between computers — that’s a huge deal, especially since the service has promoted its security features as one of its selling points. At the time Dropbox said that “much less than 1 percent” of users could have potentially been affected. Now we’ve obtained an email that Dropbox sent out this afternoon to users who were affected by the breach, and it’s much more specific.
First, the good news: the attack affected “fewer than a hundred accounts” out of Dropbox’s 25 million total users. But according to the letter, those accounts were all accessed by a single individual. In other words, these weren’t accidental logins due to typos — someone discovered the hole and actively used it to access files that were not theirs.
Dropbox isn’t commenting on the breach, so it’s unclear whose accounts this individual was targeting.



