On May 2, 2024, Dropbox Sign, formerly HelloSign, experienced a data breach compromising user personal information.

Compromised data includes names, emails, usernames, phone numbers, and hashed passwords, along with account settings and authentication details.

Dropbox has officially reported the incident to regulators and law enforcement and is notifying and guiding affected users on enhancing security.

In response to the breach, Dropbox has reset passwords for affected accounts and is providing support for those individuals.

The breach has raised alarms about vulnerabilities in GitLab instances, leading to a high-severity account takeover threat recognized by the CISA.

Federal agencies have been directed to address this security vulnerability by May 22.