Application security, Cloud Security, Data Security

Dropbox Sign breach impacts customer data

Close up to dropbox app on the screen of an iPhone X with personalized background

Major file hosting service Dropbox had information from users of Dropbox Sign, previously known as HelloSign, compromised following a cyberattack against the e-signature service provider late last month, reports The Record, a news site by cybersecurity firm Recorded Future.

All Dropbox Sign users had their names, emails, and account settings accessed by attackers, with some users also having their phone numbers, multi-factor authentication approaches, hashed passwords, and other authentication details exposed as a result of the incident, said Dropbox in a filing with the U.S. Securities and Exchange Commission. However, users' agreements, templates, and payment information are believed not to have been compromised by the incident, which Dropbox said only impacted the infrastructure of Dropbox Sign and not its other offerings.

Individuals with API access to Dropbox Sign were also informed regarding the generation of new API keys and temporary functionality restrictions amid breach remediation efforts. Such an incident comes more than a year after Dropbox reported having its GitHub accounts compromised following a successful phishing attack against its developers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.