pablolarahMay 6, 2024

🔵⚫️ A recent security incident involving Dropbox Sign
at @dropbox
#DropboxSign #SecurityIncident

https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

A recent security incident involving Dropbox Sign - Dropbox Sign

Information on a security incident involving Dropbox Sign.

FeralRobotsMay 6, 2024

#Dropbox sending out emails telling folks their "#DropboxSign" accounts might've been compromised.

Just over here trying to figure out what the hell "DropboxSign" is*, why they think I have an account (to my knowledge, I don't), & whether I should try to do anything about this.
_
*apparently the post-merger rebranded name of a document signing service called #HelloSign.

Marcel SIneM(S)USMay 3, 2024
Digitale Signatur: Datenleak bei #DropboxSign | Security https://www.heise.de/news/Digitale-Signatur-Datenleak-bei-Dropbox-Sign-9705355.html #Dropbox #DataLeak #Datenleck
Digitale Signatur: Datenleak bei Dropbox Sign

Unbekannte Angreifer konnten auf Kundendaten des digitalen Signaturservices Dropbox Sign zugreifen. Andere Dropbox-Produkte sollen nicht betroffen sein.

heise online
Albert S.May 3, 2024

Bon dia!

Per poc el vampir m'envia a la tomba.
Usuaris de Dropbox Sign, canvieu les credencials d'accés!

#Rogule 2024-5-3
🧝 4xp ⛩ 202 👣
streak: 2
🟩⬜⬜⬜⬜
⚔ 🦇🦇🧞
🌰🌰
🍄🍄🍄⬜

https://rogule.com

#dropbox #dropboxsign

Rogule

A dungeon a day keeps the Balrog away.

Rogule
Juliet (Ryel), Rollerskating Elf 🏳️‍⚧️May 2, 2024
Super weird to me that Dropbox has told Dropbox Sign customers to "delete your existing entry and then reset it" if they use app-based MFA. I have never seen "delete your MFA and create new tokens" in post-compromise account hygiene advice before.

I suspect two things:
1.) Dropbox was storing plain text MFA seeds right next to their password hashes
2.) We're going to hear a lot more about this soon.

ref: https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

#Cybersecurity #DFIR #InformationSecurity #Dropbox #DropboxSign
A recent security incident involving Dropbox Sign - Dropbox Sign

Information on a security incident involving Dropbox Sign.

Bufale.net May 2, 2024

Problemi per #Dropboxsign, il sistema di #firmadigitale online. Gli altri servizi di #Dropbox non sembrano coinvolti, ma sono indubbiamente brutte notizie per gli utenti

Per dettagli: https://www.bufale.net/violati-i-dati-dei-clienti-e-autenticazione-di-dropbox-sign/

Violati i dati dei clienti e autenticazione di Dropbox Sign

Violati i dati dei clienti e autenticazione di Dropbox Sign: questo il brutto risveglio che ha accolto gli utenti del servizio...

Bufale
Richi JenningsMay 2, 2024

The company apologized as user details were leaked from its “Dropbox Sign” product.

Watch out for phishing scams: Email “from #DropboxSign” telling you to change your password might not be real!

Worryingly, API keys and MFA secrets were among the stolen data. In #SBBlogwatch, we rush to rotate and regenerate. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/05/dropbox-sign-hack-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Dropbox Hacked: eSignature Service Breached

Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product.

Security Boulevard