Another thing I am working on for Mailhero is to start publicly listing sites/organizations that have leaked mail addresses. This list currently includes Coca Cola, Adobe, Neteller and others.
You can add box.net to the list. I used a one-off email address on their service and it got leaked. They were at least honest enough to confirm it did indeed happen to them:
We were recently informed by a handful of users that they had received spam email at the address associated exclusively with their Box account. We scoured our own systems and checked every possible scenario, and didn't find any evidence of our systems being compromised. Thanks to information sent to us by our customers, we were able to pin down that a third-party email service we used to send our newsletter to select users in February, March and April had been compromised.
No other information beyond email addresses were ever exposed to this vendor.
We sincerely apologize for the inconvenience this has caused our users. We continue to be committed to your privacy and keeping their confidential information safe. As a result of this issue, we're leaving this particular service provider immediately and consolidating all of our customer communication efforts within a single vendor with more robust security practices.