We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
KSL1030
7 months agoNew member | Level 2
Information regarding your Dropbox Sign (formerly HelloSign).
I got this email today. Is this legitimate? From No-reply@em-s.dropbox.com May 5,2024 Information regarding your Dropbox Sign (formerly HelloSign) Hello, We’re reaching out because on Ap...
Nebue
7 months agoNew member | Level 2
[Update] After I scrolled all the way down in the mail box, I found one email in 2017 which apparently that email address is (still) registered on app.hellosign.com instead of dropbox.com, how confusing. Now I am disconnecting and deleting everything relate to that email address which is online payment systems and more!!! Dropbox you're disappointing!!!
Hi. I have received an email to my other email address from no-reply@em-s.dropbox.com on May 5th regarding unauthorized access to the Dropbox sign on April 24th. I don't remember I have an account with that email address. So I try to log in in 2 different browsers with that email address but it keeps taking me to a page of sign up which means that email address isn't registered on Dropbox. How so?? The email is below :
Hello,
We’re reaching out because on April 24th, we became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. Upon further investigation, we discovered that a threat actor had accessed Dropbox Sign customer information. You are receiving this message because your information was in the data the third party accessed.
What happened
We can confirm that Dropbox Sign customer information such as emails, usernames, phone numbers, hashed passwords, multi-factor authentication, and general account settings were obtained. Based on our investigation, there is no evidence of unauthorized access to the contents of customers’ accounts (i.e. their documents or agreements), or their payment information.
What we’re doing
When we became aware of this issue, we launched an investigation with industry-leading forensic investigators to understand what happened and mitigate risks to our users. In response, our security team reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign. What you can do
- Passwords and multi-factor authentication: We’ve expired your password and logged you out of any devices you had connected to Dropbox Sign to further protect your account. The next time you log in to your Sign account, you’ll be sent an email to reset your password. Customers who use an authenticator app for multi-factor authentication should reset it as soon as possible. Please delete your existing entry and then reset it. If you use SMS you do not need to take any action.
- If you reused your Dropbox Sign password on any other services, we strongly recommend that you change your password on those accounts and utilize multi-factor authentication when available. Instructions on how to do this for your Dropbox Sign account can be found here.
At Dropbox, our number one value is to be worthy of trust. We hold ourselves to a high standard when protecting our customers and their content. We didn’t live up to that standard here, and we’re deeply sorry for the impact it caused our customers. We are grateful for your partnership, and we’re here to help all of those who were impacted by this incident. For more information on this incident, how to contact us, and updates see here.
- The Dropbox team
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!