Some Users May Be Experiencing Signature Service Interruption on Onboarding Documents
Incident Report for Applicant Tracking Software
Postmortem

Incident Summary:

On the morning of May 2nd, an issue was identified that impacted the document signing functionality across our platform. This disruption was directly linked to a security incident at Dropbox Sign (formerly HelloSign), our third-party vendor, which resulted in the restriction of API keys for all of their partners, including ours.

Timeline:

  • 9:50 AM PDT: Initial report of the document signing issue due to third-party vendor service disruption.
  • 10:04 AM PDT: Issue identified and communicated to users via the status page.
  • 10:55 AM PDT: Incident resolved after comprehensive coordination with Dropbox Sign.

Technical Overview:

The disruption originated from a security incident at Dropbox Sign, leading to their security team resetting users’ passwords, logging users out of any devices they had connected to Dropbox Sign, and coordinating the rotation of all API keys and OAuth tokens. This measure required an immediate rotation of our API keys to restore functionality, affecting our document signing services.

Actions Taken:

  • Immediate Key Rotation: We promptly rotated the API keys as required by Dropbox Sign to regain access to the document signing feature.
  • Vendor Collaboration: Extensive collaboration with Dropbox Sign was undertaken to address and resolve the security concerns effectively.
  • User Communication: We maintained continuous communication with our users through updates on our status page and direct notifications, ensuring transparency throughout the incident.

Ongoing and Future Remediation Plans:

  • Enhanced Monitoring: We are implementing advanced monitoring solutions to swiftly detect and manage similar disruptions in the future.
  • Vendor Risk Management: Our vendor risk assessment and management protocols are being strengthened to better handle potential disruptions from third-party services.
  • Incident Response Protocol Review: We are refining our incident response strategies to improve coordination and response times in partnership with third-party vendors during critical incidents.

Conclusion:

We have fully restored the document signing functionality, and all systems are now operational. We apologize for any inconvenience caused and are committed to enhancing our systems to prevent such disruptions. Our focus on maintaining a secure and reliable service for our users remains unwavering.

Contact Information:

For further details or inquiries, please do not hesitate to contact our support team.

We thank our users for their patience and continued support during this incident.

Learn more about Dropbox Sign's security incident and their response.

Posted May 02, 2024 - 18:16 PDT

Resolved
We are pleased to announce that the issue affecting the document signing capability has been fully resolved. Our technical team and third-party vendor have worked diligently to address the problem, and we can confirm that all services are now fully operational. If you encounter any further difficulties, please contact our support team for assistance. We thank you for your patience and understanding during this service interruption.
Posted May 02, 2024 - 10:55 PDT
Identified
We've identified an issue that's currently affecting the document signing capability within our platform. This disruption stems from a third party vendor experiencing downtime.

Our technical team is actively working with the vendor to resolve the issue as swiftly as possible. We recognize the importance of a smooth onboarding process and are committed to restoring normal service promptly.

Here’s what we know so far:

- The inability to sign documents is impacting some users.
- The issue is linked to third party vendor services.
- We expect a resolution within the hour.

In the meantime, please:

- Please refrain from sending any documents for signature at this time.
- Check back for updates on our status page or if subscribed, expect a notification once this is resolved or updated.

We apologize for the disruption and thank you for your patience and understanding during this time. Stay tuned for further updates!
Posted May 02, 2024 - 10:12 PDT
This incident affected: Offer Letters.