Dropbox Details

    Organization Logo

    Dropbox

    San Francisco, CA2700 employees • Information Technology

    Industry

    Information Technology

    Security Incidents

    1

    Dropbox is a tech company that offers cloud storage solutions, making it easier for individuals and businesses to save and share files online. It provides a platform where users can sync their documents, photos, and other data across multiple devices, ensuring they have access to their files anywhere and anytime. The company emphasizes simplicity and efficiency, catering to those who need reliable tools for collaboration and data management.

    Security Incidents

    Dropbox Breach of May 2024
    Severity Score
    Significant to High

    Type

    Data Breach

    Summary

    On April 24, 2024, hackers breached Dropbox's eSignature service, Dropbox Sign, by exploiting a system configuration tool that allowed them to run applications with high-level access. They obtained sensitive information including hashed passwords, authentication tokens, and customer data such as emails, phone numbers, and usernames. Despite the breach, there was no evidence that customer documents or agreements were accessed.

    Severity

    The breach at Dropbox Sign was quite severe due to the exposure of sensitive authentication details like API keys, OAuth tokens, and multi-factor authentication keys, alongside hashed passwords and personal customer information. Although the hackers did not access actual documents or agreements, the exposed data could still lead to further security risks, such as phishing attacks. The company had to enforce a reset of all passwords and API keys, indicating significant concern over the potential misuse of the accessed information.

    Impact

    The breach impacted users of Dropbox Sign, the eSignature platform, exposing their emails, usernames, phone numbers, and hashed passwords. Additionally, for users who interacted with the platform without registering, their names and email addresses were also exposed. While Dropbox confirmed that documents and agreements remained secure, the breach poses a risk of identity theft and phishing attacks for affected users.

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos