What does DropBox Sign hack means for regular users?

• Organisations need to ensure they select the correct solutions– via multiple facets including cost, functionality, usability, compatibility and security– and it has become increasingly important.
• By adopting a zero trust framework within their infrastructure, enterprise leaders will be in a stronger position to not only identify and react to attacks on their organisation but also mitigate any potential damage.

The recent DropBox hack is an eye opener for many in the tech industry despite repeated warnings from the security experts and how sophisticated the hackers are becoming.

DropBox said they detected unauthorised access to DropBox Sign’s production systems on April 24 and gained access to authentication tokens, MFA keys, hashed passwords, and customer information and they have launched an investigation.

DropBox Sign is an eSignature platform allowing customers to send documents online to receive legally binding signatures.

Dropbox had disclosed a security breach in November 2022 after hackers stole 130 code repositories by breaching the company’s GitHub accounts using stolen employee credentials.

When handling sensitive data, including e-signatures and authentication information, Patrick Tiquet, VP of Security and Compliance at Keeper Security, said it is critically important to have robust security measures in place to safeguard that information.

Need for stronger authentication practices

Security experts share what this compromise means for the regular users, what affected users should do next, what to expect, and how can organisations prioritise robust security measures when handling sensitive data, so that similar breaches won’t happen.

 “The fact that threat actors were able to access the emails, usernames and passwords of Dropbox Sign users highlights the need for stronger authentication practices. Passwords, in particular, remain a vulnerable point of entry for cybercriminals, emphasising the need for secure password management protocols, such as the use of strong, unique passwords for each account and multi-factor authentication (MFA).”

Security experts share what this compromise means for the regular users, what affected users should do next, what to expect, and how can organisations prioritise robust security measures when handling sensitive data, so that similar breaches won’t happen.

Thomas Richards, Associate Principal Consultant at Synopsys Software Integrity Group, said that users should reset their passwords immediately not only on the Dropbox service but also wherever their email or username is used. 

Moreover, he said that any integration with single-sign-on services and APIs should have the keys regenerated to prevent any abuse of those services. 

Users of the Dropbox service should also review any transactions or requests made for any fraudulent activity as the information leaked could be used for numerous nefarious purposes. 

Eye opener

Dropbox said that they’ve been reaching out to affected users that need to take action, but failed to disclose what those actions were. 

Industry experts said that if any of the users receive an email from DropBox sign asking them to reset their password, do not follow any links in the email and instead, visit DropBox Sign directly and reset their password from the site.

Ray Kelly, Fellow, Synopsys Software Integrity Group, said the breach is especially significant since API keys and OAuth tokens were compromised. 

Often times, he said that API keys are static and do not change so that organisations can automate their processes around their services. 

“When these keys are compromised, a malicious actor can gain access to services that can be sensitive or cause monetary consequences for the victim.  Dropbox Sign customers should immediately ensure their current API keys and tokens are deactivated and create new ones to prevent unauthorised access.”

While DropBox is reassuring that there’s no evidence of the attackers accessing the contents of users’ accounts or payment information, Tiquet said the breach still poses a significant risk to affected individuals and organisations.

There is additional risk any time a company entrusts sensitive information with third-party providers, he said.

“When choosing products and services, users are putting their trust into another organisation to handle their sensitive data and accounts with the utmost security. Vendor selection, outsourcing and bringing in third party products all add layers of complexity to your defence strategy. Ensuring organisations select the correct solutions– via multiple facets including cost, functionality, usability, compatibility and security– has become increasingly important.”

Steps to be done soon

• A first step should be signing up for identity theft protection services and securing your Dropbox Sign account, as well as your other online accounts, with strong and unique passwords.
•  A dark web monitoring service such as BreachWatch can alert you if your information shows up on the dark web so that you can take immediate action.
• A strong password is at least 16 characters with uppercase and lowercase letters, numbers and special characters. To achieve this, it is essential to use a password manager to create and store high-strength random passwords for every website, application and system and, to enable MFA to further protect your sensitive information. 
• Establish clear and comprehensive security requirements for vendors and insist on proof their security controls are sound. Organisations should seek out solutions that hold SOC 2 attestations and are ISO 27001 compliant or that hold similar security certifications. 
• No matter how a threat actor accesses the network, though, the next step is to make sure they are unable to go any further. Organisations large and small should implement a zero-trust architecture with least-privilege access to ensure employees only have access to what they need to do their jobs.
• Companies should also have security event monitoring in place. Privileged access management software can help with privileged account and session management, secrets management and enterprise password management.
• By adopting a zero trust framework within their infrastructure, enterprise leaders will be in a stronger position to not only identify and react to attacks on their organisation but also mitigate any potential damage.