Dropbox announced that its Dropbox Sign e-signature product, formerly known as HelloSign, was hacked, resulting in unauthorized access to customer data. In its SEC filing, the company said it discovered the breach on April 24 and launched an investigation. it states.
The attackers gained access to the automatic system configuration tool in Dropbox Sign’s infrastructure. it is seen. It is shared that the compromised account has elevated privileges that allow access to the customer database. While the full scope is still under investigation, Dropbox is confirming that certain details, such as emails and usernames, are accessible to all Sign users. .
It is stated that additional information is also at risk for some customers and this includes phone numbers, hashed passwords and authentication tokens such as API keys and OAuth tokens. Sensitive data, including the names and email addresses of third parties who received Sign accounts but did not create them, were also exposed.
After discovering the breach, Dropbox said its security teams immediately reset passwords, logged out of connected devices, and changed API keys and tokens to protect accounts. sğini sö is dying. As the investigation continued, law enforcement was informed. The company underlined that there is no evidence of infiltration of the contract, payment information or other systems outside of Sign. à He is drawing.
The company is directly communicating to affected users the steps they can take to protect themselves, but it is not stated how many customers’ personal data may have been stolen.
