Dropbox Sign Confirms Hackers Breached System


Dropbox this week admitted that hackers breached its Dropbox Sign product and accessed information including users’ emails, usernames, phone numbers and hashed passwords.

“On April 24th, we became aware of unauthorised access to the Dropbox Sign (formerly HelloSign) production environment,” it said in a blog post on Dropbox Sign. It did not give specifics about how many people were affected by this breach.

The hacker reportedly gained access to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

For those who received or signed a document through Dropbox Sign, but never created an account, email addresses and names were also exposed in the breach.

It added that for those who created a Dropbox Sign or HelloSign account, but did not set up a password with the platform (e.g. “Sign up with Google”), no password was stored or exposed.

Dropbox says that investigations are ongoing, but that the incident was isolated to Dropbox Sign infrastructure and that it does not “believe” it impacted any other Dropbox products.

Hackers on computers wearing face masks. Image: Microsoft Copilot

Explaining the nature of the breach, Dropbox said that its preliminary investigations have revealed that a third party gained access to a Dropbox Sign automated system configuration tool. The actor compromised a service account that was part of Sign’s back-end. A service account is a type of non-human account used to execute applications and run automated services.

“As such, this account had privileges to take a variety of actions within Sign’s production environment. The threat actor then used this access to the production environment to access our customer database,” it said.

For Dropbox Sign products, the team has expired users’ passwords and logged users out of any devices they had connected to Dropbox Sign. An email to reset passwords has been sent to all Dropbox Sign users.

In Australia, the annual Cyber Threat Report 2022-2023 released in November last year found that the average cost of cybercrime per report rose by 14 per cent from 2021-22, to $71,600 for large businesses, A$97,200 for mid-size businesses and A$46,000 for small businesses.

The report noted that the Australian Signals Directorate’s cyber security centre received over 94,000 reports of cybercrime over the financial year, an increase of 23 per cent from 2021-22.
