Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Cloud Data Storage Privacy

Dropbox Says Hackers Breached Digital-Signature Product (yahoo.com) 12

An anonymous reader quotes a report from Bloomberg: Dropbox said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers. The software company said it became aware of the cyberattack on April 24, sought to limit the incident and reported it to law enforcement and regulatory authorities. "We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings," Dropbox said Wednesday in a regulatory filing. "For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication."

Dropbox said there is no evidence hackers obtained user accounts or payment information. The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn't disclose how many customers were affected by the hack. The hack is unlikely to have a material impact on the company's finances, Dropbox said in the filing. The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.

This discussion has been archived. No new comments can be posted.

Dropbox Says Hackers Breached Digital-Signature Product

Comments Filter:
  • Application signing has got M$ and others into hot water before. Maybe it's enough trouble to be worth it... maybe not. I just think it's hilarious how much faith people put into encryption. They act like governments cannot rubber-hose decrypt, install keyloggers, or just compel you in various other ways besides the rubber hose. They act like encryption schemes aren't broken resulting in a scramble to re-implement some kind of new scheme. Well, to be honest, few are completely broken but, as we've seen, it
    • by gweihir ( 88907 )

      The thing seems to be that the less people know how cryptography works, the more faith they have in it. One of the indications that most people have non-functional minds and understand essentially nothing.

    • If your communications are secure, then the value is not moderate, it's fulsome. Most of what you are saying appears to be about user failures ... not inherent brokeness of encryption schemes... what is broken? 99.9% of the time it's people.

      Read the Terms of Service of all you communications and software providers: they take your data. So mitigating MITM from you service providers, again, is fulsome value. It's your service providers that are {expletive} you over a barrel.

      I'm curious to hear HOW they were h
      • So mitigating MITM from you service providers, again, is fulsome value.

        Agreed. Point ceded.

        Now, I was thinking more about fancier schemes that use encryption and make big promises, but again, I agree with you here. It's hard to underestimate the value of privacy. We do, chiefly, have encryption to thank for that.

        Most of what you are saying appears to be about user failures ... not inherent brokeness of encryption schemes

        Oh, I'll be the first to concede that few encryption schemes are 100% broken. It is, in fact, the implementation (as you already mentioned) and user failures that typically are actually to blame. However, that's also part of my point. Encryption doesn't exist in a vac

        • OpenVPN for instance, is one of those creeping missions. Let's add more and more every year or two, and also, make sure to mix up the terminology from the parts bolted on. Each part brings a new terminology, so the result is ... completely confusing. Sooner or later you can figure it out, but the specs are aggregates of other things. Or perhaps you can get good value out of a subset of features, also, for those reasons, it's highly compatible to legacy environments, so it has a place in the world. But it's
  • Typical illiteracy (Score:4, Informative)

    by chrylis ( 262281 ) on Wednesday May 01, 2024 @08:51PM (#64440790)

    I know it's too much to ask from the Slashdot editors, but Dropbox Sign is an electronic signature product (similar to DocuSign or PandaDoc), not a digital signature product. Breach of either is bad, but the threat models and risks of various exposure are dramatically different.

    • Of course not. That's a technical point and doesn't promote the editors' politics. Hence, it's invisible and irrelevant. :-)

Statistics are no substitute for judgement. -- Henry Clay

Working...