DropBox is alerting users that their personal data might have been stolen by hackers following a major data breach on the company.
The digital storage firm confirmed on Wednesday that unidentified hackers illegally accessed the Dropbox Sign platform last April 24, stealing users' emails, user names, phone numbers, and e-signatures in the process.
DropBox has yet to indicate the exact number of users affected but claims to have not detected any signs of hackers obtaining user accounts and payment information.
It is also not clear what was the nature and purpose of the cyberattack.
According to Bloomberg, DropBox provides cloud storage services to more than 18 million customers as of 2023.
This is the second major data leakage on DropBox within the year and the second confirmed cyberattack on the company since 2022.
How to Protect Data from DropBox Data Breach
Along with the alert, DropBox is also advising all customers to employ their own security measures to protect personal data as the investigation of the cyberattack continues.
In its US Security and Exchange filing, the company said it is already processing data protection and recovery for all affected customers with "step-by-step instructions."
Among the procedures suggested to be taken was to reset all passwords of accounts linked to the digital service,
Securing all API keys and multifactor authentication systems was also advised to see if any unauthorized log-in attempts were recorded on the account since the hacking.
Reported Cyberattacks on Cloud Services Increase
The cyberattack on DropBox follows the growing trend of cybercriminals targeting more and more cloud drive platforms to steal important user data.
Just last January, Forbes reported that 12TB-worth of leaked user data from DropBox, LinkedIn, and X (formerly Twitter) were discovered just lying in an open digital storage space.
The same attack pattern can be seen in the data breach of the company two years ago, wherein threat actors primarily targeted user data and credentials to further their operations.
Stolen user credentials are often used by threat actors and hackers for dummy accounts to infiltrate bigger digital platforms.