Dropbox Digital Signature Service Exposes User Information in Security Breach – How to Protect Your Data

Dropbox has recently announced a security breach that affected their Dropbox Sign digital signature service, exposing user information such as emails, phone numbers, and login passwords. The technology company launched an investigation when unauthorized access was detected in the production environment on April 24. Initial findings indicated that no other products were affected as the infrastructures are separate, but the malicious actor did gain access to user data.

The stolen information includes email addresses, usernames, phone numbers, hashed passwords, account configurations, and login elements like API keys, tokens, and multi-factor authentication. Even users who didn’t create an account but used the service to sign electronic documents have been affected. However, signed documents and payment information remain secure. Users who have enabled login with another service, such as Google, have not had their passwords compromised.

As a response to this breach, Dropbox has informed affected users about the breach and provided a guide on securing their information. They have also reset account passwords, closed active sessions on different devices, and rotated API keys and Oauth tokens to enhance security measures. Dropbox is taking this incident seriously and is working hard to prevent similar incidents from happening in the future.