Dropbox disclosed a breach in their digital signature service, Dropbox Sign, where threat actors accessed emails, usernames, and account settings of all users. The breach also exposed phone numbers, hashed passwords, and authentication information for some users, affecting even third-parties who signed documents. The attack was restricted to Dropbox Sign infrastructure, with no evidence of access to user account contents or payment information
The company is reaching out to impacted users, resetting passwords, and coordinating the rotation of API keys and OAuth tokens. Dropbox is collaborating with authorities for further investigation, with ongoing analysis of the breach. This incident is the second in two years for Dropbox, following a phishing campaign in 2022. ```https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html