Dropbox Sign Hack: What You Need to Know

On April 24, 2024, Dropbox experienced an unauthorized access to its Dropbox Sign service, which is used for digitally signing documents. Here are the key details about this incident:

What Happened?

  • Unauthorized Access: An attacker gained access to the production environment of Dropbox Sign without permission.
  • Exposed Information: User information was compromised, including:
    • Email Addresses
    • Phone Numbers
    • Login Credentials

Impact and Measures Taken

  • Affected Users: The attack only impacted Dropbox Sign, not other Dropbox products.
  • Compromised Data: The attacker accessed data such as email addresses, usernames, phone numbers, and hashed passwords.
  • Compromised Login Elements: Login elements like API keys, OAuth tokens, and multifactor authentication were also affected.
  • Secure Signed Documents and Payments: Fortunately, signed documents and payment information remained secure.
  • Protective Measures: Dropbox took steps to protect affected users, including password resets and rotation of API keys and OAuth tokens.

The Dropbox Sign hack serves as a reminder of the importance of cybersecurity. If you're a Dropbox user, be sure to change your password and monitor any unusual activity in your account.

DISQUS