Dropbox 225.4.4896

🔐 Dropbox Security: Recurring Questions and Related User Issues

Below is a compilation of security concerns, breaches, and user-reported issues, along with detailed explanations and references.

1. Has Dropbox experienced any significant data breaches?

Yes, Dropbox has experienced significant data breaches. Notably, in 2012, Dropbox suffered a breach where over 68 million user credentials, including email addresses and hashed passwords, were compromised. The breach was linked to an employee reusing a password from another service, which had been previously hacked. This incident highlighted the risks associated with password reuse and the importance of robust security practices.

🔗 BBC News - Dropbox hack 'affected 68 million users'

🔗 Wired - Hack Brief: 4-Year-Old Dropbox Hack Exposed 68 Million People's Data

2. Were there any vulnerabilities in Dropbox's desktop application?

Yes, in 2024, a vulnerability identified as CVE-2024-5924 was discovered in Dropbox's desktop application. This flaw allowed remote attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism, potentially enabling the execution of malicious code on users' systems. The vulnerability was particularly concerning as it could be exploited through shared folders from untrusted sources.

🔗 NVD - CVE-2024-5924

3. Has Dropbox's e-signature service, Dropbox Sign, been compromised?

Yes, in April 2024, Dropbox Sign (formerly HelloSign) experienced a security breach. Unauthorized access to the production environment led to the exposure of customer information, including emails, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, and multi-factor authentication data. Dropbox confirmed that the incident was isolated to Dropbox Sign and did not impact other Dropbox services.

🔗 Dropbox Sign Blog - A recent security incident involving Dropbox Sign

4. Are there concerns about Dropbox's handling of user authentication data?

Yes, concerns have been raised regarding Dropbox's handling of user authentication data. In the 2024 Dropbox Sign breach, not only were hashed passwords exposed, but also multi-factor authentication information and API credentials. Such exposures can significantly increase the risk of unauthorized access to user accounts and services.

🔗 Forbes - Dropbox Warns Hacker Accessed Customer Passwords And 2FA Data

5. Have there been issues with Dropbox's mobile application security?

Yes, users have reported potential security vulnerabilities in Dropbox's mobile applications. For instance, in 2023, a user highlighted a passcode vulnerability that could pose risks to user data protection. While Dropbox has mechanisms to secure its applications, such reports underscore the need for continuous security assessments and updates.

🔗 Dropbox Community - Dropbox Passcode Vulnerability Report