Major hack at Dropbox Sign
Sign, the Dropbox service for legally binding electronic signatures on contracts and the like, must report a cyberattack. Email addresses, usernames, phone numbers, hashed passwords and general account settings were stolen. Included: Authentication information such as API keys, OAuth tokens and multi-factor authentication. Many companies in particular rely on the Dropbox Sign service for legally valid electronic signatures, such as those needed for contracts. The current hack is a serious attack on the existing data and authentication information used by Dropbox. The process is so serious that Dropbox not only blocked users' passwords and issued a new...