{"id":22717,"date":"2024-05-02T11:12:11","date_gmt":"2024-05-02T15:12:11","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/dropbox-sign-breach\/22717\/"},"modified":"2024-05-02T20:37:44","modified_gmt":"2024-05-02T16:37:44","slug":"dropbox-sign-breach","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/dropbox-sign-breach\/22717\/","title":{"rendered":"Dropbox warns about a Dropbox Sign breach"},"content":{"rendered":"<p>Dropbox has shared the <a href=\"https:\/\/sign.dropbox.com\/blog\/a-recent-security-incident-involving-dropbox-sign\" target=\"_blank\" rel=\"nofollow noopener\">results of an investigation<\/a> into a hack of its infrastructure. The company doesn\u2019t specify when the incident actually occurred, stating only that the attack was noticed by company employees on April 24. Here, we explain what happened, what data was leaked, and how to protect yourself and your company from the consequences of the incident.<\/p>\n<h2>Dropbox Sign hack: how it happened and what data was stolen<\/h2>\n<p>Unidentified attackers have managed to compromise the Dropbox Sign service account, and thus gain access to the platform\u2019s internal automatic configuration mechanism. 
Using this access, hackers were able to lay their hands on a database that contains information about Dropbox Sign users.<\/p>\n<p>As a result, the following data of registered users of the Sign service was stolen:<\/p>\n<ul>\n<li>usernames;<\/li>\n<li>email addresses;<\/li>\n<li>phone numbers;<\/li>\n<li>passwords (hashed);<\/li>\n<li>authentication keys for the Dropbox Sign API;<\/li>\n<li>OAuth authentication tokens;<\/li>\n<li>SMS and application two-factor authentication tokens.<\/li>\n<\/ul>\n<p>If users of the service have interacted with it without creating an account, only their names and email addresses have been leaked.<\/p>\n<p>Dropbox claims that it found no signs of unauthorized access to the contents of user accounts, that is, documents and agreements, as well as payment information.<\/p>\n<p>As a protective measure, Dropbox reset the passwords for all Dropbox Sign accounts and ended all active sessions, so you\u2019ll have to log in to the service again and set a new password.<\/p>\n<h2>Does the Dropbox Sign hack affect all Dropbox users?<\/h2>\n<p>Dropbox Sign, formerly known as HelloSign, is Dropbox\u2019s standalone cloud document workflow tool, used primarily for signing electronic documents. The closest analogues of this service are DocuSign and Adobe Sign.<\/p>\n<p>As the company emphasizes in its statement, Dropbox Sign\u2019s infrastructure is \u201clargely separate from other Dropbox services\u201d. Judging by the results of\u00a0the company\u2019s investigation, the Dropbox Sign hack was an isolated incident and did not affect other Dropbox products. Thus, according to the information we have now, it doesn\u2019t in any way threaten users of the company\u2019s main service, Dropbox cloud file storage itself. 
This is also true for those users whose Sign account was linked to their main Dropbox account.<\/p>\n<h2>What should you do about Dropbox Sign being hacked?<\/h2>\n<p>Dropbox has already reset passwords for all Dropbox Sign accounts. So you will have to change the password in any case. We recommend using a completely new password rather than a slightly modified version of the old one. Ideally, you should generate a long random combination of characters using a <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a> and store it there.<\/p>\n<p>Since two-factor authentication tokens were also stolen, you should reset them as well. If you used SMS, the reset occurred automatically. And if you used an application, you will have to do it yourself. To do so, go through the process of registering your authenticator app with the Dropbox Sign service again.<\/p>\n<p>The list of data stolen by hackers also includes authentication keys for the Dropbox Sign API. So if your company used this tool through the API, you need to generate a new key.<\/p>\n<p>Finally, if you\u2019ve used the same password in any other services, you should change it as quickly as possible \u2013 especially if it was accompanied by the same username, email address, or phone number that you specified while registering for Dropbox Sign. 
Again, for this it is convenient to use our Password Manager, which, by the way, is part of our <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">security solution for small businesses<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?<\/p>\n","protected":false},"author":2726,"featured_media":22718,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917,1486],"tags":[1047,1931,1457,82,1183,187,521],"class_list":{"0":"post-22717","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"category-threats","11":"tag-2fa","12":"tag-authenticators","13":"tag-business","14":"tag-hacking","15":"tag-leaks","16":"tag-passwords","17":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/dropbox-sign-breach\/22717\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/dropbox-sign-breach\/27393\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/dropbox-sign-breach\/30077\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/dropbox-sign-breach\/27548\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/dropbox-sign-breach\/27358\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/dropbox-sign-breach\/30015\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/dropbox-sign-breach\/28804\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dropbox-sign-
breach\/37365\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dropbox-sign-breach\/51159\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/dropbox-sign-breach\/21859\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/dropbox-sign-breach\/22602\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/dropbox-sign-breach\/31229\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/dropbox-sign-breach\/27699\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dropbox-sign-breach\/33547\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dropbox-sign-breach\/33209\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/leaks\/","name":"leaks"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22717"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22717\/revisions"}],"predecessor-version":[{"id":22719,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22717\/revisions\/22719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22718"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=22717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/
wp\/v2\/tags?post=22717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}