Dropbox reported that a hacker gained unauthorized access to the systems of Sign software, formerly known as HelloSign. The attackers were able to access various personal data, but not the signatures. Those affected will be notified by email.
The company writes The cyber attack occurred on April 24, during which hackers gained access to Dropbox Sign’s “production environment.” Through an automated system configuration tool, the third party gained access to the software’s backend using a compromised “non-human account.”
Depending on how users interact with Dropbox Sign, different personal data may have been compromised. For example, users who did not have an account had access to their email addresses and names. Users with the account also had unauthorized access to phone numbers, hashed passwords, API keys, and authentication tokens. Dropbox emphasizes that this only pertains to account information, not content created in logins across these accounts, including digital signatures and documents.
The company automatically resets passwords and requires API clients to generate new API keys. Users using multi-factor authentication will also need to reset this feature.
More Stories
Strong increase in gas export pipeline from Norway to Europe
George Louis Bouchez still puts Julie Tatton on the list.
Thai Air Force wants Swedish Gripen 39 fighter jets