Dropbox has disclosed a cybersecurity incident, in filing with the SEC:
https://www.board-cybersecurity.com/incidents/tracker/20240501-dropbox-inc-cybersecurity-incident/#8-k-filed-on-2024-05-01
On April 24, 2024, Dropbox, Inc. (“Dropbox” or “we”) became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. We immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident. Upon further investigation, we discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings. For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication. Based on what we know as of the date of this filing, there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information. Additionally, we believe this incident was limited to Dropbox Sign infrastructure and there is no evidence that the threat actor accessed the production environments of other Dropbox products. We are continuing our investigation.
BrianKrebs /
npub1vc…0axsh
2024-05-01 21:32:52
Author Public Key
npub1vc39pnjdqd77zzdxff4qyv8h3x0ey2mkx33c3vl8egr0a9ysxkxsk0axshPublished at
2024-05-01 21:32:52Event JSON
{
"id": "0857dd7719278f20738a1dd127cb5949e67b24ad405b23a1a7e22fdb26537904",
"pubkey": "662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d",
"created_at": 1714599172,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/112367971346969315",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/briankrebs/statuses/112367971346969315",
"pink.momostr"
]
],
"content": "Dropbox has disclosed a cybersecurity incident, in filing with the SEC:\n\nhttps://www.board-cybersecurity.com/incidents/tracker/20240501-dropbox-inc-cybersecurity-incident/#8-k-filed-on-2024-05-01\n\nOn April 24, 2024, Dropbox, Inc. (“Dropbox” or “we”) became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. We immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident. Upon further investigation, we discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings. For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication. Based on what we know as of the date of this filing, there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information. Additionally, we believe this incident was limited to Dropbox Sign infrastructure and there is no evidence that the threat actor accessed the production environments of other Dropbox products. We are continuing our investigation.",
"sig": "38d9536dbd9d32c3dfbe1593f60220dfe57806677b643336b55b7c2e72243148a8404ce6d538d3b90474e4ca2294dff35a1913330c19cf4eeb8333406de168d7"
}