Company press releases and major tech news outlets

April 24 Dropbox Sign Breach Exposes User Data, No Core Content Compromised

May 2, 2024, 07:00 PM

Dropbox has experienced a significant cybersecurity breach affecting its Dropbox Sign service, formerly known as HelloSign, which occurred on April 24. Hackers accessed a range of sensitive information including emails, usernames, hashed passwords, phone numbers, and key authentication data such as API keys and OAuth tokens. Despite the breach, Dropbox has stated that the incident is unlikely to have a material impact on its operations, and no core user content or payment info was compromised. The company has reported the incident to the SEC and is currently investigating the breach.