Dropbox says attackers accessed customer and MFA info, API keys
2024-05-02 08:49

File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information.

"Based on our investigation, a third party gained access to a Dropbox Sign automated system configuration tool. The actor compromised a service account that was part of Sign's back-end, which is a type of non-human account used to execute applications and run automated services. As such, this account had privileges to take a variety of actions within Sign's production environment."

Attackers exploited the access they gained to the Dropbox Sign production environment to access the customer database.

The attackers accessed Dropbox Sign customer and account information: email addresses, usernames, phone numbers and hashed passwords, and general account settings.

Dropbox is notifying affected customers and advising them to reset their passwords, rotate API keys, change their password on other accounts if they reused the same password they used for Dropbox Sign, and reset their authenticator app entry.

Dropbox has expired exposed passwords and logged users out of devices they used to connect to Dropbox Sign, restricted certain functionality of API keys until customers rotate them, and is reviewing this incident "to better understand how this happened, and to protect against this kind of threat in the future."


News URL

https://www.helpnetsecurity.com/2024/05/02/dropbox-sign-breached/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dropbox 4 3 9 0 1 13