Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Dropbox disclosed a breach affecting all users of its Dropbox Sign service, formerly known as HelloSign, where threat actors accessed emails, usernames, and account settings. The breach, identified on April 24, 2024, also compromised phone numbers, hashed passwords, and authentication data for some users. Despite the extensive data access, there is no evidence that attackers viewed the contents of user accounts or payment information. Dropbox is contacting affected users and has taken steps to secure accounts, while continuing to investigate the incident.