MEXCDropbox Sign Hit With Massive Data Breach, Here’s What Happened
Highlights
- Dropbox Sign has suffered a major data breach
- Multi-Factor Authentication (MFA) data were carted away with
- Dropbox Sign is responding to the breach, claims no payment info was compromised
e-signature startup, Dropbox Sign confirmed there was a massive data breach by hackers who gained access and compromised sensitive customer information. The breach enabled the hackers to gain unauthorized access to a service account that was part of the product’s back-end.
What Happened and What Was Compromised?
According to a data breach notification published on Dropbox Sign’s website, the compromised account, described as a “non-human account used to execute applications and run automated services,” granted the attacker access to the production environment and, subsequently, the customer database.
The compromised database accessed by the hacker contained a selection of sensitive information, including customer emails, usernames, phone numbers, hashed passwords, general account settings, API keys, OAuth tokens, and Multi-Factor Authentication (MFA) details.
Surprisingly, there was a category of individuals who did not register for an account but received or signed a document through the service. These groups also had their email addresses and names exposed in the breach.
Dropbox Sign has, however, assured that, as far as it is aware, there is no evidence signifying that the attackers accessed customer account contents or payment information. Hackers are known to steal information to defraud, like the recent movement of $2.6 million to Tornado Cash by the Prisma Finance hacker.
Dropbox Sign Responds to Data Breach
In response to the data breach which was first discovered on April 24, Dropbox took immediate measures to mitigate the damage and protect user data. This included resetting user passwords and logging users out of all their connected devices to ensure the integrity of customer accounts.
Additionally, the company is coordinating the rotation of all API keys and OAuth tokens to prevent further unauthorized access. It has also reported the breach to law enforcement, and Dropbox Sign says it is committed to collaborating with authorities to investigate the incident.
In the meantime, Dropbox is reaching out to all users affected by the data breach to walk them through steps on how to further safeguard their data. The cloud storage platform says it is also reviewing the incident to prevent future recurrence.
It is yet to be seen the impact this will have on Dropbox’s value given the stiff competition among companies in the traditional financial and tech sectors.
- $7B Virtu Financial Holds $63M XRP as Whales Accelerate Daily Sell-Off
- Breaking: Coinbase Nears $2B Deal to Buy Stablecoin Platform BVNK
- Coinbase CLO Fires Back at Senator Murphy Over ‘Corruption Factory’ Claim
- Crypto Prices Rise: Why Are BTC, ETH, LTC, XRP, SHIB, and ADA Up Today?
- Michael Saylor’s Strategy Eyes S&P 500 Spot Amid Bitcoin-Backed Credit Products Launch
- Pepe Coin Price Forms Multi-Year H&S Pattern as Whale Selling Intensifies
- Ethereum Price Forecast: $5K in Sight Post-Fusaka Upgrade
- Chainlink Price Eyes $25 as AllUnity Integrates CCIP for EURAU Expansion
- Sei Price Forecast: Will Robinhood Listing Spark a Rally?
- XRP Price Outlook as ETF Nears Possible November 13 Launch
- Cardano Price Risks 20% Crash Amid Death Cross and Falling ADA ETF Odds
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more…to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
