Dropbox Says Hackers Breached Digital-Signature Product (yahoo.com) 12
An anonymous reader quotes a report from Bloomberg: Dropbox said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers. The software company said it became aware of the cyberattack on April 24, sought to limit the incident and reported it to law enforcement and regulatory authorities. "We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings," Dropbox said Wednesday in a regulatory filing. "For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication."
Dropbox said there is no evidence hackers obtained user accounts or payment information. The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn't disclose how many customers were affected by the hack. The hack is unlikely to have a material impact on the company's finances, Dropbox said in the filing. The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.
Re: (Score:2)
Well, it fucking should.
No, no. You must protect profit. Users? Security? Decency? Doing the right thing? No. But profit? Sacrosanct. All hail the holy profit, the only metric by which our god, greed, measures us.
More Encryption "magic" that's always broken (Score:2)
Re: (Score:2)
The thing seems to be that the less people know how cryptography works, the more faith they have in it. One of the indications that most people have non-functional minds and understand essentially nothing.
Re: (Score:3)
Read the Terms of Service of all your communications and software providers: they take your data. So mitigating MITM from your service providers, again, is fulsome value. It's your service providers that are {expletive} you over a barrel.
I'm curious to hear HOW they were h
Re: (Score:2)
So mitigating MITM from your service providers, again, is fulsome value.
Agreed. Point ceded.
Now, I was thinking more about fancier schemes that use encryption and make big promises, but again, I agree with you here. It's hard to underestimate the value of privacy. We do, chiefly, have encryption to thank for that.
Most of what you are saying appears to be about user failures ... not inherent brokenness of encryption schemes
Oh, I'll be the first to concede that few encryption schemes are 100% broken. It is, in fact, the implementation (as you already mentioned) and user failures that typically are actually to blame. However, that's also part of my point. Encryption doesn't exist in a vac
Re: (Score:2)
Typical illiteracy (Score:4, Informative)
I know it's too much to ask from the Slashdot editors, but Dropbox Sign is an electronic signature product (similar to DocuSign or PandaDoc), not a digital signature product. Breach of either is bad, but the threat models and risks of various exposure are dramatically different.
Re: (Score:1)