Dropbox Sign Hacked: Attackers Stolen API Keys, MFA, & Hashed Passwords

Dropbox disclosed a significant security breach affecting its electronic signature service, Dropbox Sign (formerly known as HelloSign).

The incident, which came to light on April 24, involved unauthorized access to the Dropbox Sign production environment, exposing sensitive customer information.

Dropbox’s security team was alerted to the breach on April 24 after detecting unauthorized access to the Dropbox Sign production environment.

A thorough investigation revealed that a threat actor had infiltrated the system and gained access to a wealth of customer data.

Security Breach

The breach was traced back to a compromised service account within Dropbox Sign’s backend, a critical component used for executing applications and running automated services.


Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

In response to the breach, Dropbox has taken swift action to mitigate the impact on its users.

The company’s security measures included resetting passwords, logging users out of all connected devices, and initiating the rotation of all API keys and OAuth tokens.

These steps are part of Dropbox’s broader effort to secure its systems and protect user data from further unauthorized access.

The breach has significantly impacted Dropbox Sign users, with the threat actor gaining access to names, email addresses, and other sensitive information.

For users who interacted with Dropbox Sign without creating an account, their names and email addresses were exposed.

However, Dropbox has assured its users that there was no evidence of unauthorized access to the contents of their accounts, such as documents or agreements, nor was there any compromise of payment information.

Dropbox is actively reaching out to all affected users, providing them with step-by-step instructions on how to secure their data further.

The company has also emphasized that users who signed up for Dropbox Sign or HelloSign using external services like Google did not have passwords stored or exposed, as no password was set up directly with Dropbox.

In the wake of the incident, Dropbox has underscored its commitment to user security, detailing the extensive measures taken to address the breach.

The company’s security team coordinates closely with law enforcement and cybersecurity experts to prevent future incidents.

As Dropbox continues to navigate the aftermath of this security incident, the company is focused on reinforcing its security infrastructure to safeguard against similar breaches.

Users are encouraged to follow the guidance provided by Dropbox and to remain vigilant in monitoring their accounts for any unusual activity.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.