Dropbox Sign hack exposed user data, raises security concerns for e-sign industry
- by nlqip
Customers express concerns
Dropbox said it swung into action as soon as it discovered the breach and “launched an investigation with industry-leading forensic investigators to understand what happened and mitigate risks to our users.”
Its investigation revealed that “a third party gained access to a Dropbox Sign automated system configuration tool.” According to the company, “The actor compromised a service account that was part of Dropbox Sign’s back-end, which is a type of non-human account used to execute applications and run automated services.”
The threat actor, the company said, then used this access to the “production environment to access our customer database.”
The company confirmed in the blog post that it had reset users’ passwords, logged users out of all active sessions and devices, and is “coordinating the rotation of all API keys and OAuth tokens.” The company is also notifying users of the breach via email and providing them with instructions on securing their accounts and changing passwords.
However, this incident sparked concerns among users regarding the security of their data and the potential consequences of the breach.
“As a manpower recruitment and consulting firm, we depend on secure platforms like Dropbox Sign to manage sensitive candidate and client information. News of this breach is unsettling, particularly considering the potential exposure of confidential documents like resumes and contracts,” said Shalu Bindlish, director at Advaita Bedanta Consultants, an India-based manpower company.