Dropbox, a famous file hosting site, has just suffered a rather significant cyberattack. More specifically, the affected service is Dropbox Sign, the company's electronic signature service.
Dropbox is one of the most recognized cloud storage services in the world. Dropbox Inc., the company responsible, announced just two days ago that it was strengthening its security, but this did not prevent hackers from breaking into its infrastructure. This new attack targets its online electronic signature service (formerly HelloSign) and comes a little more than two years after the platform was the victim of a phishing campaign.
What information was compromised?
The events took place on April 24. Dropbox Sign teams detected unauthorized access to the service's production systems and immediately launched an investigation. This revealed that the hackers were able to exploit an automated configuration tool, granting them elevated privileges and direct access to the customer database.
Dropbox states that electronic documents and agreements stored on the platform are safe and sound. On the other hand, the hackers were able to get their hands on various pieces of user identification data. After an internal investigation, Dropbox Sign said the hackers were able to gain access to:
- Email addresses
- Usernames
- Phone numbers
- Encrypted passwords
- General account settings
- Authentication information such as API keys, OAuth tokens, and multi-factor authentication (MFA) keys
Occasional users, who have not necessarily created an account on the platform but have used its services to sign a document, also had their email addresses and names compromised. Rather annoying.
What steps has Dropbox taken?
Faced with this security breach, Dropbox reacted fairly quickly by taking several corrective measures. These include resetting all user passwords, forcing a logout of all active sessions on Dropbox Sign, and restricting the use of API keys until they are replaced by affected customers. The company has also emailed all customers affected by this attack to inform them.
According to official Dropbox recommendations, Dropbox Sign users should be vigilant against possible phishing attempts aimed at recovering their confidential information. If this applies to you, be absolutely suspicious of any email asking you to reset your password, especially if it contains a link. Instead, go directly to the platform and change it yourself.
Source: Bleeping Computer