Dropbox Cyberattack Impacts Digital Signature Product

Hacker accessed user information including email addresses, names and phone numbers

Berenice Baker, Editor, Enter Quantum

May 2, 2024

2 Min Read
Getty Images

A hacker has breached Dropbox’s digital signature product, Dropbox Sign, accessing user information including emails, usernames and phone numbers.

In a blog post dated May 1, the Dropbox Sign team revealed that the breach happened on April 24 and affected all users of the product, formerly known as HelloSign.

The data exposed included email addresses, usernames, phone numbers, hashed passwords and authentication details including API keys, OAuth tokens and multi-factor authentication methods.

However, the team said there was no evidence the hacker accessed the contents of users' Dropbox Sign accounts, such as agreements or payment information, and the breach did not affect other Dropbox services.

“We’re in the process of reaching out to all users impacted by this incident who need to take action, with step-by-step instructions on how to further protect their data,” Dropbox said. “Our security team also reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign and is coordinating the rotation of all API keys and OAuth tokens.”

The hack also exposed the names and email addresses of individuals who received or signed a document through Dropbox Sign but never created an account. It did not affect those who created an account but did not set up a Dropbox password, for example by using “sign up with Google.”

Related:UnitedHealth Confirms Hackers Stole ‘Substantial’ Amounts of Data

Dropbox said that it had found no evidence of unauthorized access to customers’ documents, agreements, or payment information.  

No other Dropbox products were unaffected by the cyberattack, even if a user’s Dropbox account was linked to a Dropbox Sign account.

The company’s security team reset users’ passwords, logged users out of any devices connected to Dropbox Sign and reported this event to data protection regulators and law enforcement.

About the Author(s)

Berenice Baker

Editor, Enter Quantum

Berenice is the editor of Enter Quantum, the companion website and exclusive content outlet for The Quantum Computing Summit. Enter Quantum informs quantum computing decision-makers and solutions creators with timely information, business applications and best practice to enable them to adopt the most effective quantum computing solution for their businesses. Berenice has a background in IT and 16 years’ experience as a technology journalist.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like