How many victims are affected and what data was stolen?
A cyberattack on DropBox resulted in unauthorized access to the DropBox Sign service, an electronic signature platform. This was reported by the press service of the company.
The incident was identified on April 24, after which an investigation was launched. It was determined that an attacker gained access to the automated Dropbox Sign system configuration tool using a compromised service account. This gave the hacker the ability to execute applications and automated services with elevated privileges and access to the customer database.
The threat target obtained data from DropBox Sign users, including email addresses, usernames, phone numbers, and hashed passwords. Account settings and authentication data – API, OAuth tokens, and multi-factor authentication keys-were also available.
Representatives of DropBox clarified that no evidence of access to customer documents, as well as to other DropBox services, was found.
In response to the incident, the company reset the passwords of all DropBox Sign users, terminated all sessions in the system, and restricted the use of API keys until they were updated by customers. Recommendations were also made for re-configuring multi-factor authentication using new keys.
Currently, DropBox notifies affected customers and warns them against possible phishing attacks that use stolen data to obtain passwords. If you receive suspicious emails from DropBox Sign, we recommend that you do not click on the links in them, but directly visit the site to reset your password. If you have used the Dropbox Sign password on other services, we strongly recommend that you change it and enable multi-factor authentication where possible.
A cyberattack on DropBox resulted in unauthorized access to the DropBox Sign service, an electronic signature platform. This was reported by the press service of the company.
The incident was identified on April 24, after which an investigation was launched. It was determined that an attacker gained access to the automated Dropbox Sign system configuration tool using a compromised service account. This gave the hacker the ability to execute applications and automated services with elevated privileges and access to the customer database.
The threat target obtained data from DropBox Sign users, including email addresses, usernames, phone numbers, and hashed passwords. Account settings and authentication data – API, OAuth tokens, and multi-factor authentication keys-were also available.
Representatives of DropBox clarified that no evidence of access to customer documents, as well as to other DropBox services, was found.
In response to the incident, the company reset the passwords of all DropBox Sign users, terminated all sessions in the system, and restricted the use of API keys until they were updated by customers. Recommendations were also made for re-configuring multi-factor authentication using new keys.
Currently, DropBox notifies affected customers and warns them against possible phishing attacks that use stolen data to obtain passwords. If you receive suspicious emails from DropBox Sign, we recommend that you do not click on the links in them, but directly visit the site to reset your password. If you have used the Dropbox Sign password on other services, we strongly recommend that you change it and enable multi-factor authentication where possible.
