Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Comment: Dropbox Sign hacked

May 2024 by Andy Kays, CEO Socura

Dropbox has confirmed that it was a victim of a data breach, doing so via an SEC filing
The comments in response from Andy Kays, CEO of Socura, who says the attack offers “tremendous scope for abuse, identity theft, fraud, and business email compromise".

“This looks like a classic case of breach through acquisition. When a large company buys a smaller one, it can throw up major security risks. The most common scenarios are that the acquired company has vulnerabilities, limited security capabilities, or there are compatibility issues as products, technologies, services and teams are integrated. The fact that only the Dropbox Sign product was breached, not the wider business, suggests that a security gap either existed with the Hellosign product at the time of purchase, or developed over time as the company changed and rebranded it.

“Adversaries having access to sensitive documents and a signature service offers tremendous scope for abuse, identity theft, fraud, and business email compromise. Dropbox users must act as though an attacker has their signature and the ability to sign legal documents in their name. They should change their passwords and enable MFA immediately.

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts