Notice from Dropbox from blog The Technology blog and podcast

Notice from Dropbox

The following is an email that I received from Dropbox Sign. It does come from a sub domain from Dropbox No links are present, but you will see them in your version should you get this email.

I blogged this from Mastodon but haven’t read articles about it.

I might have checked out the service but I don’t use it.

---

Important information regarding your account
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
#
#
Hello,

We’re reaching out because on April 24th, we became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. Upon further investigation, we discovered that a threat actor had accessed Dropbox Sign customer information. You are receiving this message because your information was in the data the third party accessed.

What happened
We can confirm that Dropbox Sign customer information such as emails, usernames, phone numbers, hashed passwords, multi-factor authentication, and general account settings were obtained. Based on our investigation, there is no evidence of unauthorized access to the contents of customers’ accounts (i.e. their documents or agreements), or their payment information.

What we’re doing
When we became aware of this issue, we launched an investigation with industry-leading forensic investigators to understand what happened and mitigate risks to our users. In response, our security team reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign.
What you can do

Passwords and multi-factor authentication: We’ve expired your password and logged you out of any devices you had connected to Dropbox Sign to further protect your account. The next time you log in to your Sign account, you’ll be sent an email to reset your password. Customers who use an authenticator app for multi-factor authentication should reset it as soon as possible. Please delete your existing entry and then reset it. If you use SMS you do not need to take any action.

If you reused your Dropbox Sign password on any other services, we strongly recommend that you change your password on those accounts and utilize multi-factor authentication when available. Instructions on how to do this for your Dropbox Sign account can be found here.

At Dropbox, our number one value is to be worthy of trust. We hold ourselves to a high standard when protecting our customers and their content. We didn’t live up to that standard here, and we’re deeply sorry for the impact it caused our customers. We are grateful for your partnership, and we’re here to help all of those who were impacted by this incident. For more information on this incident, how to contact us, and updates see here.

– The Dropbox team
This email was sent to (address removed)
Dropbox, Inc., PO Box 77767, San Francisco, CA 94107

---

I removed my address but it’ll say that it was sent to your email address. Be on the lookout!

---

Informazioni sull'articolo

Notice from Dropbox was released on May 4, 2024 at 4:37 pm by tech in security news and commentary.
Last modified: May 4, 2024.

---

Comments (0)

No comments yet.

You must be logged in to post a comment.

go to sections menu

---