AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Make it critical in Dropbox's e-signature service

Violation of the electronic signature system exposes sensitive data

Dropbox suffered a security breach that exposed sensitive user data of its Dropbox Sign service, including emails, phone numbers and passwords. Measures have been taken to mitigate the problem.

This pill is also available in Italian language

Dropbox recently disclosed a security breach affecting Dropbox Sign, its electronic signature service formerly known as HelloSign. On April 24, 2024, unauthorized access to the system configuration tools used to manage Dropbox Sign was detected. Hackers managed to use these tools to exercise automated controls with elevated privileges, thus gaining access to the platform's customer database.

Details about the information leak

Further investigations clarified the extent of the data leak, showing that the attackers obtained sensitive data of Dropbox Sign users. These include hashed emails, usernames, phone numbers and passwords. Additionally, critical security details such as API keys, OAuth tokens, and multi-factor authentication (MFA) data were compromised.

Risks also extended to unregistered users

More alarming is the fact that not only accounts registered on Dropbox Sign were affected. Individuals who used the service to sign documents without creating an account also had their contact details, such as email addresses and names, exposed. Fortunately, there have been no indications that the signed documents or payment information were accessed by the hackers.

Measures adopted and recommendations for users

To contain the incident, Dropbox immediately reset user passwords, closed all active Dropbox Sign sessions, and limited the use of API keys. Currently, they are notifying all affected users via email. They also advise users to remain vigilant about possible phishing attempts that could exploit the stolen information to obtain additional sensitive data.

Follow us on Instagram for more pills like this

05/02/2024 18:31

Editorial AI

Last pills

Global threat: serious security flaw discovered in the IEEE 802.11 Wi-Fi standardNew flaw in the IEEE 802.11 Wi-Fi standard exposes the security of global networks to serious risks

The fundamental aspects of computer security in everyday lifeProtection and prevention: how to safeguard personal data in the digital world

Black Basta hits Synlab: analysis of the attack and cybersecurity lessons for the healthcare sectorCyber defense strategies: how to protect healthcare infrastructures from ransomware

Google releases an emergency update for ChromeUrgent update to fix critical vulnerability in Chrome, users advised to install it immediately