Dropbox suffered a serious hack that exposed sensitive data from its users

Dropbox, the well-known cloud storage service, has revealed that a hacker breached its computer systems on April 24, resulting in the leakage of confidential information, including passwords and authentication data. The unauthorized access occurred in Dropbox Sign, formerly known as HelloSign, a company acquired by Dropbox in 2019 that allows for digital document signing.

Dropbox DOWNLOAD

The hack compromised the information of all Dropbox Sign users, including account settings, names, email addresses, and in some cases, phone numbers, hashed passwords, API keys, and OAuth tokens. However, there is currently no evidence that the content of user accounts or payment data has been accessed.

The company ensures that the incident was limited to the Dropbox Sign infrastructure and did not affect other Dropbox products. It also states that it has hired forensic investigators and has notified regulatory authorities. Although Dropbox does not anticipate a “material” impact on its operations or financial situation, the company expects potential litigation and changes in customer behavior due to the incident.

API clients of Dropbox Sign will need to generate new access keys, and will have certain functions temporarily restricted. “Only signature requests and signing capabilities will remain operational for the continuity of your business. Once you rotate your API keys, the restrictions will be lifted and the product will continue to function normally,” says Dropbox.

The company is in the process of notifying affected users and will provide assistance in this regard. This incident adds to previous security issues with Dropbox, such as a phishing campaign in 2022 that allowed a group of hackers to access the company’s GitHub accounts, obtaining confidential information.

Dropbox DOWNLOAD