Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.
Dropbox users' Information leaked in alleged hack – what's new now
The attack, described in a regulatory filing, affected Dropbox Sign — a service billed as an "eSignature solution [that] lets you send, sign and store important documents in a seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.
The filing says management became aware of the incident last week — April 24 — and "immediately activated our cybersecurity incident response process to investigate, contain and remediate the incident."
That effort led to the discovery that "the threat actor had access to data related to all users of Dropbox Sign, such as email and usernames, in addition to general account settings."
