
Dropbox Sign Suffers Data Breach; Emails, Phone Numbers and More Exposed


Dropbox announced today that its electronic signature product, Dropbox Sign, formerly known as HelloSign, has been breached, resulting in unauthorized access to customer data. In an SEC filing, the company wrote that it discovered the breach on April 24 and launched an investigation.

The attackers apparently gained access to an automated system configuration tool within Dropbox Sign’s infrastructure. The compromised account had elevated privileges that allowed access to the customer database. While the full scope is still under investigation, Dropbox confirms that, for all Sign users, certain details such as emails and usernames were accessible.

For some customers, additional information was also at risk. This includes phone numbers, hashed passwords, and authentication tokens such as API keys and OAuth tokens. Sensitive data from third parties who received Sign accounts but did not create them was also exposed, including names and emails.

Dropbox wrote in a blog post:

On April 24th, we became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. Upon further investigation, we discovered that a threat actor accessed data including Dropbox Sign customer information such as email, usernames, phone numbers, and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

Dropbox says that upon discovery of the breach, security teams immediately reset passwords, disconnected connected devices and rotated API keys and tokens to protect accounts. Law enforcement has been notified while the investigation is ongoing.

Dropbox also stated that there was no evidence that contract content, payment information or other systems beyond Sign were compromised.

The company is contacting affected users directly with steps they can take to protect themselves. However, it did not specify how many customers may have had their personal data stolen. The company also says the investigation is ongoing and that it will provide further updates.
