Dropbox breach exposes customer credentials, authentication data

Cloud storage company Dropbox reported that a hacker breached company systems on April 24 and gained access to sensitive information like passwords and more.

In a filing with the SEC on Wednesday afternoon, the company said it discovered unauthorized access to the production environment of Dropbox Sign - a company formerly known as HelloSign that was acquired in 2019. The company allows people to sign documents digitally.

The hacker accessed information related to all users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed.

"Based on what we know as of the date of this filing, there is no evidence that the threat actor accessed the contents of users' accounts, such as their agreements or templates, or their payment information," the company said in the 8-K filing.

"Additionally, we believe this incident was limited to Dropbox Sign infrastructure and there is no evidence that the threat actor accessed the production environments of other Dropbox products. We are continuing our investigation."

Read more -here-

• Apple's new accessibility features let you control an iPhone or iPad with your eyes
• Comcast unveils streaming bundle that includes Apple TV+, Peacock and Netflix
• John Deere says solar storm compromised GPS tracking on tractors
• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package