Dropbox hacked

Dropbox Inc. said its digital signature product, Dropbox Sign, was breached by hackers, who accessed user information, including emails, user names and phone numbers.

The software company said it became aware of the cyberattack on 24 April, sought to limit the incident and reported it to law enforcement and regulatory authorities.

“We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings,” Dropbox said Wednesday in a regulatory filing.

“For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”

Dropbox said there is no evidence hackers obtained user accounts or payment information.

The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn’t disclose how many customers were affected by the hack.

With more than 18 million paying users, San Francisco-based Dropbox is one of the best-known companies in the cloud storage industry and reported $2.5 billion (R46.48 billion) in revenue in 2023.

Many of those users are consumers or small businesses, but it also touts corporate customers such as Dentsu Group Inc.

The company has worked to expand beyond storage with document management services and video-specific tools.

The hack is unlikely to have a material impact on the company’s finances, Dropbox said in the filing.

The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.

Latest news

Partner Content

Show comments


Share this article
Dropbox hacked