Particle.news

Dropbox Sign Breach Exposes Customer Data and Authentication Secrets

Hackers accessed sensitive information including emails, usernames, and authentication data from Dropbox Sign, prompting urgent security measures.

Overview

  • Dropbox confirmed a breach in Dropbox Sign’s production systems, exposing emails, usernames, phone numbers, hashed passwords, and authentication data.
  • The breach, detected on April 24, involved unauthorized access via a compromised service account with elevated privileges.
  • No evidence suggests that documents or agreements were accessed, but the exposed data increases the risk of phishing and identity theft.
  • Dropbox has reset passwords, logged out users, and advised customers to rotate API keys and enable new MFA configurations.
  • Security experts warn of the potential for targeted phishing attacks due to the nature of the stolen data.