Dropbox experienced a breach where threat actors gained unauthorized access to the Dropbox Sign production environment, compromising customer information like emails, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, and MFA details. The breach affected users of Dropbox Sign, a service for e-signatures and document storage; however, no evidence suggests access to customer account contents or payment information. Mitigation steps include resetting passwords, logging users out, rotating API keys, and requiring password resets for all users of the service
Dropbox is conducting a thorough investigation, offering assistance to impacted users, and working to enhance cybersecurity measures for the future. ```https://www.darkreading.com/application-security/dropbox-breach-exposes-customer-credentials-authentication-data