  • tech360.tv

Dropbox Breach: Unauthorised Access Compromises User Data; Immediate Action Taken, Security Measures Strengthened

Updated: May 6

Dropbox confirms unauthorised access to customer information, including passwords and 2FA data. The breach specifically targeted the Dropbox Sign platform, with no impact on other Dropbox platforms or products. Users are advised to reset their passwords and log out of connected devices.

The breach specifically targeted the Dropbox Sign platform, but the company assures users that no other Dropbox platforms or products were affected.


The incident came to light on April 24 when Dropbox discovered the unauthorised access to its production environment. In a statement, the company acknowledged that customer information had been compromised but emphasised that they are taking immediate action to protect users' data. Dropbox is currently reaching out to all affected users, providing step-by-step instructions on how to further secure their accounts.


According to the ongoing investigation, the hacker gained access to an automated system configuration tool used by Dropbox Sign. They then compromised a service account with elevated privileges, allowing them to access both the production environment and the customer database. As a precautionary measure, Dropbox has reset users' passwords and logged them out of any devices connected to Dropbox Sign. Users will receive an email prompting them to reset their passwords the next time they log in.


Despite the breach, Dropbox has stated that there is no evidence to suggest that the attackers accessed any documents, agreements, or other content stored in users' accounts. However, individuals who received or signed a document using the Dropbox Sign service may have had their email addresses and names exposed. Dropbox is actively reaching out to these impacted users and expects to complete all notifications within a week.


In addition to addressing the breach, Dropbox has issued a warning to its API customers. They are advised to rotate their API keys, generating new ones and deleting the existing keys. While functionality may be temporarily restricted during this process, signature requests and signing capabilities will remain operational. Once the API keys are rotated, all restrictions will be lifted, and the product will continue to function as normal.


Source: FORBES
