Box Opened, Customer Data Compromised
- by nlqip
Dropbox, a popular cloud storage and collaboration platform, recently disclosed a security breach impacting its eSignature service,Dropbox Sign. On May 2, 2024, the company revealed that hackers successfully infiltrated the platform, gaining access to sensitive customer information.
The stolen data includes customer emails, usernames, phone numbers, and hashed passwords. Additionally, the attackers managed to exfiltrate authentication secrets associated with the eSignature service. While Dropbox asserts that no malicious activity linked to the compromised accounts has been detected thus far, the breach raises significant concerns about the security of user data.
In a separate incident, Dropbox also confirmed falling victim to a phishing attack, resulting in unauthorized access to 130 of its source code repositories hosted on GitHub. This breach exposed credentials and API keys used by Dropbox’s development team, potentially opening the door to further exploitation.
Dropbox has taken swift action in response to the breaches. All user passwords were reset as a precautionary measure, and steps have been taken to mitigate the risk of future unauthorized access. However, the company urges users to remain vigilant and be on the lookout for phishing emails that may attempt to exploit the stolen information.
The incident serves as a stark reminder of the ever-present threat of cyberattacks and the importance of robust security measures. As businesses increasingly rely on cloud-based services, it is imperative to prioritize the protection of sensitive data and implement effective security protocols.
While Dropbox has assured users that the hashed passwords are difficult to crack due to salting and hashing techniques, the incident underscores the need for strong and unique passwords across all online accounts. Users are encouraged to enable two-factor authentication whenever possible for added security.
Related
Source link
lol
Dropbox, a popular cloud storage and collaboration platform, recently disclosed a security breach impacting its eSignature service,Dropbox Sign. On May 2, 2024, the company revealed that hackers successfully infiltrated the platform, gaining access to sensitive customer information. The stolen data includes customer emails, usernames, phone numbers, and hashed passwords. Additionally, the attackers managed to exfiltrate…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA