Dropbox has been hacked. Customer data and authentication tokens stolen


RHC editorial team: May 2, 2024 11:42 am

Dropbox said hackers penetrated the production systems of its e-signature platform, Dropbox Sign. They gained access to authentication tokens, multi-factor authentication (MFA) data, hashed passwords, and customer information.

The attack on Dropbox

Dropbox Sign (formerly HelloSign) is an electronic signature platform. It allows customers to store, send and sign documents online with legally binding signatures.

On April 24, 2024, Dropbox discovered unauthorized access to Dropbox Sign production systems and launched an investigation. It turned out that the attackers had somehow managed to access an automated tool used for Dropbox Sign system configuration, which is part of the platform’s backend services.


Using this tool, the hackers were able to run automated applications and services with elevated privileges. This allowed them to reach the customer database.

“Upon further investigation, we discovered that the attackers gained access to data, including Dropbox Sign customer information. This included emails, usernames, phone numbers and hashed passwords, as well as general account settings and some authentication data (such as API keys, OAuth tokens, and MFA),” says Dropbox.

Not only registered Dropbox Sign accounts were affected

Note that people who used the Dropbox Sign e-signature platform but did not create an account were also affected; in their case, email addresses and names were leaked.

The company says that it found no evidence that the attackers had access to documents, agreements or customer payment information. It pointed out that “Dropbox Sign’s infrastructure is largely separate from other Dropbox services.”

At the moment, Dropbox has reset all user passwords, terminated all Dropbox Sign sessions, and restricted the use of API keys until they are replaced by customers. The company is now sending emails to all users affected by this incident.

We also recommend that Dropbox Sign customers be wary of possible phishing campaigns that could use stolen data to collect sensitive information (such as passwords).
