Popular cloud storage provider Dropbox has suffered a significant security breach impacting all users of its eSignature platform Dropbox Sign (formerly HelloSign).
According to its investigation, the cloud storage provider believes the threat actor compromised a Dropbox Sign automated system configuration tool and gained privileges to execute applications in the eSignature’s production environment.
The threat actor then used their access to compromise a Dropbox customer database and access personal information, including emails, usernames, phone numbers, and account settings.
CPO Magazine – https://trl.ca/330