Super weird to me that Dropbox has told Dropbox Sign customers to "delete your existing entry and then reset it" if they use app-based MFA. I have never seen "delete your MFA and create new tokens" in post-compromise account hygiene advice before.

I suspect two things:
1.) Dropbox was storing plain text MFA seeds right next to their password hashes
2.) We're going to hear a lot more about this soon.

ref:
https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

#Cybersecurity #DFIR #InformationSecurity #Dropbox #DropboxSign

@julie 3 days later & just now getting an email about this from Dropbox. Interesting part to me is that I do not, to my knowledge, have a DropboxSign login. Are they trying to tell me Dropbox users are also exposed? Or maybe that they don't really know who the DropboxSign customers are?
@FeralRobots They said that it also impacts people who have received or signed a document without creating an account. They also said they expected notifications to take a week.
@julie thanks! The comms could have been much clearer on that. It's def possible I've received signed docs via Dropbox.