08:51 AM
Dropbox has acknowledged a hack that has affected the digital signature service Dropbox Sign, why User information, such as emails, phone numbers, and login passwords, has been exposed.
The technology company began an investigation after detecting unauthorized access in the Dropbox Sign production environment on April 24. From this they initially conclude that no other product has been affected, as they are differentiated infrastructures, but they do The malicious actor has had access to user information.
Specifically, the technology company details in a statement the theft of data such as email addresses, usernames, phone numbers and hashed passwords, but also the configuration of accounts and login elements such as API keys, tokens Oauth and multi-factor authentication.
This data presentation It also affects users who, despite not having created an account, used the service for signing electronic documents. In the case of users with an account, Those who had login enabled with another service, for example, with a Google account, have not had their password stolen. Signed documents and payment information have also not been exposed.
The malicious actor accessed Sign’s production environment after taking control of a automated system configuration tool, which has privileges over a wide variety of actions, including access to the users database.
What to do if your account was hacked?
In response, Dropbox has informed those affected of what happened, offering a guide to the steps they should take to secure their information. Also They have reset account passwords and closed user sessions who had the account open on different devices, and have coordinated a rotation of API keys and Oauth tokens.
If you are among the millions of users affected by last week’s Dropbox data breach, it is crucial to take immediate steps to protect your account and minimize the risk of damage.
You may be interested: Don’t be fooled! Authorities warn that criminals take advantage of the arrival of 5G to scam
Below are three essential things that Kaspersky Lab experts, computer security experts, recommend doing in this type of situation:
1. Change your password immediately: This is the most important action you can take. Create a new, strong password that’s unique to Dropbox and not used on any other website or service. Kaspersky recommends using a combination of upper and lower case letters, numbers and symbols for greater security.
2. Enable two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring an additional code, such as a text message or app verification, in addition to your password to log in. This makes it considerably more difficult for hackers to access an account, even if they obtain the password, as in the case of Dropbox.
3. Review your activities: Dropbox allows you to review a log of your account activities, including logins, password changes, and file access. Analyze this log for any suspicious activity that may indicate that someone has accessed your account without authorization. If you spot anything unusual, change your password immediately and contact Dropbox for support through this link.
