Dropbox investigates breach that affected its Sign service

2 May 2024

Image: © prima91/Stock.adobe.com

The cloud company noted in a recent filing that it has no indication the breach is ‘reasonably likely’ to materially impact its financial condition or results of operations.

Cloud storage company Dropbox has revealed that it was recently victim to a data breach incident in which cybercriminals were able to access customer emails and usernames.

In a filing with the US Securities and Exchange Commission (SEC) this week, the company reported that a threat actor was able to obtain unauthorised access to its Dropbox Sign service. It became aware of the incident on 24 April and the cyberattack has not had a “material impact” on its overall business operations.

Upon learning of the data breach, Dropbox said it immediately activated a cybersecurity incident response process to investigate further. Other than usernames and emails, it found that the threat actor had been able to access phone numbers, hashed passwords and certain authentication information of a subset of users.

“Based on what we know as of the date of this filing, there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information,” it wrote in the filing, adding that the breach was limited to Dropbox Sign.

“When we became aware of the incident, we launched an investigation with industry-leading forensic investigators to understand what happened and mitigate risks to our users. We have notified and are working with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.”

Dropbox also noted that it has no indication that the breach is “reasonably likely” to materially impact its financial condition or results of operations.

“We remain subject to various risks due to the incident, including potential litigation, changes in customer behaviour and additional regulatory scrutiny. Our remediation efforts are ongoing.”

‘Fostering a strong cybersecurity culture’

Stephen Robinson, senior threat intelligence analyst at WithSecure, said that large organisations such as Dropbox will always be a lucrative target in the eyes of cybercriminals because of the amount of sensitive information they hold.

But the real worry isn’t the theft of customer information, but that of authentication data.

“Authentication processes are put in place to prevent cybercriminals from accessing systems or accounts even when they have stolen credentials, however, the theft of authentication data such as tokens and certificates can allow these security processes to be completely bypassed,” he said.

Last month, Cisco disclosed that cybercriminals are exploiting vulnerabilities in its security products to breach government networks after spotting an espionage campaign – named ArcaneDoor – targeting perimeter network devices for the purpose of gaining a foothold into organisations and monitoring network traffic.

“While the investigation into the [Dropbox] breach continues, users should be on the lookout for any potential phishing emails or any other form of unsolicited communication. With the type of data stolen, a cyberattacker could craft extremely plausible, targeted phishing emails, texts and phone calls,” Robinson added.

“Incidents such as this show how critical it is for large organisations to improve cyber resilience. Cost-effective methods we advise all organisations to implement include regular risk assessments, rigorous patching schedules and fostering a strong cybersecurity culture supported by clear security policies.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com