• Dropbox confirms eSign tool hit by major data breach, confirms cu

    From TechnologyDaily@1337:1/100 to All on Thu May 2 15:15:04 2024
    Dropbox confirms eSign tool hit by major data breach, confirms customer info leaked

    Date:
    Thu, 02 May 2024 15:00:00 +0000

    Description:
    No word on how many people are affected.

    FULL STORY ======================================================================

    E-signature service provider Dropbox Sign recently suffered a cyberattack in which hackers stole some seriously sensitive customer information.

    As per the data breach notification published on the Dropbox Sign website, an unidentified threat actor managed to compromise a service account that was part of the product's back-end. The company did not detail exactly how the account was compromised, but it did describe it as a non-human account used to execute applications and run automated services.

    This account has elevated privileges, which the attacker used to access the production environment, and through it, the customer database.

    Responding to the incident

    The information within the database includes people's emails, usernames, phone numbers, hashed passwords, general account settings, API keys, OAuth tokens, and multi-factor authentication (MFA). Even those who never registered an account, but received or signed a document through the service, have had their email addresses and names exposed.

    There is no evidence that the attackers accessed the contents of customer accounts, or payment information, Dropbox confirmed.

    The company discovered the breach on April 24, it further explained. In response, it reset user passwords, logged people out of all of their connected devices, and is currently coordinating the rotation of all API keys and OAuth tokens.

    The incident has been reported to the police, Dropbox concluded.

    If you are a Dropbox Sign user, you should delete the MFA configuration from your authenticator apps, and set up the feature again. Also, be on the lookout for any suspicious emails claiming to come from Dropbox Sign, especially if they are demanding urgent action (for example, urgent password resetting). Instead, make sure to visit the Dropbox Sign site manually, and reset your login credentials there.

    Dropbox Sign prepared a customer FAQ list here, which includes details on how to rotate API keys.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/dropbox-confirms-esign-tool-hit-by-major-data-breach-confirms-customer-info-leaked


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)