Who is affected by the Dropbox data breach?
The first thing to note is that this breach only affects Dropbox Sign users. Dropbox cloud users are not affected. However, this assumes that you are not also a Dropbox Sign user.
You may have used Dropbox Sign in the past to sign digital documents, but your details aren't recorded in the company's systems unless you actually create an account with the service. For example, if you use “Sign in with Google,” you'll be fine. Dropbox itself has acknowledged that the problem is limited to Dropbox Sign accounts, as the Dropbox Sign infrastructure is isolated from other services.
What data was compromised in the Dropbox data breach?
While it's good that there was no data breach, this scenario shows what a third party that compromised Dropbox's systems would have gotten. did it It's getting worse.
The attackers had access to usernames, emails, hashed passwords, phone numbers, and multi-factor credentials.
What they didn't have access to was the contents of customer accounts, including documents, contracts, and most importantly, payment information.
As a result, Dropbox automatically reset your password and made sure you logged out of your device.
How to tell if you've been affected by a Dropbox data breach
If you're a Dropbox Sign customer, news of this breach is understandably concerning. Let me say again that if you use any other Dropbox services, you are unlikely to be affected.
Dropbox says it's providing advice to affected customers on how to reduce the risk of a data breach, so if you're one of them, you should receive a message by the end of this week. . If you would like to contact Dropbox directly about this breach, you can do so here.
One step you can take is to keep an eye on the excellent website www.haveibeenpwned.com. This website allows you to learn whether your personal data is configured and made public by simply entering your password. We don't yet know if this Dropbox data is already publicly available on the web, or if threat actors are currently looking for someone to sell it to, but it's always worth checking haveibeenpwned regularly. .
If you use the same password for Dropbox Sign on other sites or services, you should change it as soon as possible because someone with this information may be able to access other accounts you own. there is.
Reusing passwords across multiple accounts is considered a very bad habit, but juggling multiple passwords can be an easy trap to fall into.We recommend using password manager For peace of mind.