DropBox recently disclosed a significant security breach impacting its DropBox Sign eSignature platform, formerly known as HelloSign. The breach, which was detected on April 24, involved unauthorized access to DropBox Sign’s production systems. Hackers managed to exploit an automated system configuration tool within the platform’s backend services, allowing them to execute applications and automated services with elevated privileges. This breach resulted in the exposure of sensitive authentication data, including MFA keys, hashed passwords, and authentication tokens.
The attackers accessed a wide array of customer information through the compromised configuration tool. Exposed data includes email addresses, usernames, phone numbers, and general account settings, along with specific authentication information such as API keys, OAuth tokens, and multi-factor authentication (MFA) keys. For users who interacted with the DropBox Sign platform without registering an account, their names and email addresses were also exposed. However, DropBox has confirmed that there was no evidence of access to customers’ documents or agreements and that other DropBox services were not affected by this breach.
In response to the breach, DropBox took several immediate security measures to contain the incident and prevent further unauthorized access. This included resetting passwords for all DropBox Sign users, logging out all sessions associated with DropBox Sign, and implementing restrictions on how API keys can be used until customers rotate them. DropBox has also provided detailed guidance in their security advisory on how to rotate API keys and reconfigure MFA with a new key to regain full privileges.
DropBox is actively reaching out to all affected customers and advising them to be vigilant against potential phishing campaigns that may exploit the breached data to collect more sensitive information. Customers are urged to directly visit the DropBox Sign website to reset their passwords, rather than clicking through links in emails, which could be malicious. This incident follows a previous security breach in 2022, where DropBox’s GitHub accounts were compromised, leading to the theft of 130 code repositories. This pattern underscores the ongoing cybersecurity challenges DropBox faces, highlighting the need for continual enhancement of their security measures.
