secwatch.observer — SEC 8-K summary
======================================

Issuer:     DROPBOX, INC. (DBX)
CIK:        0001467623
Form:       8-K
Filed at:   2024-05-01T23:59:59+00:00
Accession:  0001467623-24-000024
Event type: cyber
Sentiment:  negative
Materiality: 0.30
Item codes: 1.05, 7.01, 9.01
LLM model:  deepseek-v4-flash:cloud@v2

Dropbox reports unauthorized access to Dropbox Sign production environment affecting user data
--------------------------------------------------------------------------------

- Threat actor accessed Dropbox Sign customer data including emails, usernames, phone numbers, hashed passwords, and authentication tokens.
- Incident discovered on April 24, 2024; no evidence of access to account contents (documents/agreements) or payment information.
- Dropbox believes the breach is isolated to Dropbox Sign infrastructure and did not affect other products like Dropbox cloud storage.
- Company reset passwords, logged out users, rotated API keys and OAuth tokens, and notified law enforcement and regulators.
- Dropbox states the incident has not had and is not reasonably likely to have a material impact on financial condition or operations.

Source:
  EDGAR index:    https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/0001467623-24-000024-index.htm
  Primary doc:    https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm
  HTML page:      https://secwatch.observer/filing/0001467623-24-000024

License: Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer