Dropbox Sign Data Breach

If you’re a Dropbox user, particularly a user of Dropbox Sign, be aware that Dropbox has confirmed a data breach with compromised information including login credentials.

a threat actor had accessed data including Dropbox Sign customer information such as email addresses, usernames, phone numbers and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

You may be thinking, “no big deal, I didn’t have anything valuable on that account, and certainly didn’t store a credit card there!”

But wait.

There is a good chance that the criminal can decrypt your password. Once that’s done, you can be sure that username/password combo from Dropbox Sign will be tried on any site where anything of value might be available.

If you re-use passwords across multiple sites, consider this a wake-up call reminding you that it’s very important to use a unique, strong password on every site.


At Dropbox, our number one value is to be worthy of trust. We hold ourselves to a high standard when protecting our customers and their content. We didn’t live up to that standard here, and we’re deeply sorry for the impact it caused our customers.

Wow, something a bit more humble than the usual claptrap about how breached company X takes privacy and security seriously.

Yes, AT&T, I’m looking at you. Security breaches happen to most every enterprise at one point or another these days but kudos to the folks at Dropbox for demonstrating some humility.


Thank you for the info – I hadn’t heard about the Dropbox data breach.