Dropbox reported that a hacker gained unauthorized access to the systems of Sign software, formerly known as HelloSign. The attackers were able to access various personal data, but not the signatures. Those affected will be notified by email.
The company writes The cyber attack occurred on April 24, during which hackers gained access to Dropbox Sign’s “production environment.” Through an automated system configuration tool, the third party gained access to the software’s backend using a compromised “non-human account.”
Depending on how users interact with Dropbox Sign, different personal data may have been compromised. For example, users who did not have an account had access to their email addresses and names. Users with the account also had unauthorized access to phone numbers, hashed passwords, API keys, and authentication tokens. Dropbox emphasizes that this only pertains to account information, not content created in logins across these accounts, including digital signatures and documents.
The company automatically resets passwords and requires API clients to generate new API keys. Users using multi-factor authentication will also need to reset this feature.
“Coffee buff. Twitter fanatic. Tv practitioner. Social media advocate. Pop culture ninja.”
More Stories
“Sorry Peter!”: Ronald Plasterk, who was appointed Prime Minister of the Netherlands, apologizes to Peter Umtzigt for the incident that occurred during the formation
Important Event: The number of Cegeka reaches over a billion
Opel has not changed its electric vehicle strategy and wants to go electric by 2025