Incident Summary:
On the morning of May 2nd, an issue was identified that impacted the document signing functionality across our platform. This disruption was directly linked to a security incident at Dropbox Sign (formerly HelloSign), our third-party vendor, which resulted in the restriction of API keys for all of their partners, including ours.
Timeline:
Technical Overview:
The disruption originated from a security incident at Dropbox Sign, leading to their security team resetting users’ passwords, logging users out of any devices they had connected to Dropbox Sign, and coordinating the rotation of all API keys and OAuth tokens. This measure required an immediate rotation of our API keys to restore functionality, affecting our document signing services.
Actions Taken:
Ongoing and Future Remediation Plans:
Conclusion:
We have fully restored the document signing functionality, and all systems are now operational. We apologize for any inconvenience caused and are committed to enhancing our systems to prevent such disruptions. Our focus on maintaining a secure and reliable service for our users remains unwavering.
Contact Information:
For further details or inquiries, please do not hesitate to contact our support team.
We thank our users for their patience and continued support during this incident.
Learn more about Dropbox Sign's security incident and their response.