Boosts - Super weird to me that Dropbox has told Dropbox Sign customers to "delete your...

julie, 1 month ago

Super weird to me that Dropbox has told Dropbox Sign customers to "delete your existing entry and then reset it" if they use app-based MFA. I have never seen "delete your MFA and create new tokens" in post-compromise account hygiene advice before.

I suspect two things:
1.) Dropbox was storing plain text MFA seeds right next to their password hashes
2.) We're going to hear a lot more about this soon.

ref: https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

#Cybersecurity #DFIR #InformationSecurity #Dropbox #DropboxSign

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ NeadReport, ixi, Decentralize, doboprobodyne

doboprobodyne 1 month ago
Decentralize 1 month ago
NeadReport 1 month ago
ixi 1 month ago