May 1, 2024 at 06:24PM
Hackers breached Dropbox Sign's production systems and obtained authentication tokens, MFA keys, hashed passwords, and customer data. The company detected the unauthorized access on April 24 and found that the threat actor had compromised an automated system configuration tool and, through it, reached the customer database. Dropbox has reset all users' passwords and is advising customers on further security measures.
Key Takeaways:
1. Dropbox Sign (formerly HelloSign), an eSignature platform, suffered a security breach in which hackers obtained authentication tokens, MFA keys, hashed passwords, customer information, and certain account settings.
2. The unauthorized access to Dropbox Sign's production systems was detected on April 24, and the company began an investigation immediately.
3. The threat actor gained access to an automated system configuration tool in the platform's backend services. The tool's service account had privileges to run applications and automated services in the production environment, and the attacker used those privileges to reach the customer database.
4. Exposed customer information includes email addresses, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, and multi-factor authentication details. Even people who only received or signed a document through Dropbox Sign, without ever creating an account, had their email addresses and names exposed.
5. Dropbox has taken immediate action: resetting all users' passwords, logging out all sessions, restricting what API keys can do until they are rotated, and publishing guidance on rotating API keys and reconfiguring MFA. Because the exposed material includes tokens and MFA keys, not just hashed passwords, a password reset alone does not close the exposure; keys and MFA enrollments must be rotated as well.
6. As a precaution against phishing campaigns that will likely follow the breach, customers are advised not to follow links in emails asking them to reset their password, and instead to go to Dropbox Sign directly and reset the password from the official site.
7. The company is emailing all impacted customers and warns of phishing campaigns that may try to collect sensitive information, such as plaintext passwords.
Dropbox Sign customers should remain vigilant and follow the recommended steps to protect their accounts and sensitive information.
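The following is an added illustration, not code from the original post or from Dropbox, of why the guidance in point 5 asks customers to reconfigure MFA rather than only reset their password. It assumes the exposed "MFA key" is a shared TOTP seed (the post does not say which MFA type was affected; that is an assumption here): whoever holds the seed computes exactly the same one-time codes as the legitimate authenticator app, and only re-enrolling with a fresh seed invalidates the stolen copy. The seeds, timestamps and the helper names `hotp`, `totp`, `verify_totp` and `breach_scenario` are constructed for this example; the code generation itself follows RFC 4226/6238 and is checked against the RFC test vector.

```python
"""Why a stolen MFA seed defeats a password-only reset: TOTP (RFC 6238) demo.

Added example, not code from the original post or from Dropbox. Assumes the
exposed "MFA key" is a shared TOTP seed; seeds, timestamps and helper names
below are constructed for illustration.
"""
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(seed, unix_time // step, digits)


def verify_totp(seed: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step and +/- `window`
    neighbouring steps (clock skew), comparing in constant time."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(seed, counter + delta), code)
        for delta in range(-window, window + 1)
    )


def breach_scenario(now: int = 1_714_600_000) -> dict:
    """Constructed timeline: the seed is stolen from the database, the user
    resets only the password, then later re-enrolls MFA. Returns whether the
    attacker's code passes MFA at each stage."""
    # Constructed seed enrolled before the breach. In practice this is a random
    # 160-bit value; a fixed one is used here so the example is deterministic.
    enrolled_seed = b"constructed-demo-seed-do-not-use"
    stolen_seed = enrolled_seed  # the attacker's copy, read from the customer database

    # Stage 1: after a password-only reset the server still trusts the old seed,
    # so the attacker computes the live code and passes the MFA step.
    attacker_code = totp(stolen_seed, now)
    passes_after_password_reset = verify_totp(enrolled_seed, attacker_code, now)

    # Stage 2: the user deletes the authenticator entry and re-enrolls, which
    # generates a fresh seed (constructed here; random in practice). Codes
    # derived from the stolen seed no longer verify.
    new_seed = b"constructed-fresh-seed-after-reset"
    attacker_code_later = totp(stolen_seed, now + 600)
    passes_after_mfa_reset = verify_totp(new_seed, attacker_code_later, now + 600)

    return {
        "after_password_reset": passes_after_password_reset,
        "after_mfa_reset": passes_after_mfa_reset,
    }


if __name__ == "__main__":
    # RFC 6238 Appendix B vector (SHA-1, 6 digits): seed "12345678901234567890", T=59 -> 287082
    print("RFC vector:", totp(b"12345678901234567890", 59))
    print("Attacker passes MFA:", breach_scenario())
```

The point of the two stages: hashed passwords only help an attacker after an offline cracking effort, but a TOTP seed is the verifier's secret itself, so a stolen seed is immediately usable until the enrollment is replaced. The same logic applies to the exposed API keys and OAuth tokens, which are bearer credentials and must be rotated rather than "reset".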