The cyber attack potentially compromised all users’ personal data and login details.
On May 1, 2024, Dropbox, the US online file-sharing specialist, announced its electronic signature platform, Dropbox Sign, had been the victim of a hack. Identified on April 24, 2024, the intrusion allegedly caused massive data and login detail theft.
The stolen data includes emails, usernames, telephone numbers and password hashes, and potentially affects all Dropbox Sign accounts. The leak does not just affect subscribed users, but also those who simply signed a document on Dropbox Sign. It is believed their names and email addresses have been compromised as well.
The cybercriminals are also thought to have stolen API keys, Auth0 access tokens and MFA (multifactor authentication) keys. The consequences could be serious, as this last bit of information makes it possible to authenticate a document.
Therefore, Dropbox reset all platform user passwords, disconnected all active sessions and restricted the use of API keys. The company explains the attack only affected the infrastructure of Dropbox Sign, which is separate from other company systems.
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.