[Security News] Data breach and cyber incident from Dropbox, London Drugs Pharmacy and NSW

Security weekly, security news, dropboxSign, London Drugs Pharmacy, Penta Security,

May 07, 2024


1. Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Dropbox disclosed that Dropbox Sign (formerly HelloSign, an eSignature platform allowing legally binding signatures) was breached by unidentified threat actors. They accessed information related to all users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed. The company reset all user’s passwords, logged out all sessions and restricted how API keys can be used.

Sources: The Hacker News, Bleeping Computer, Security Week, The Record


2. London Drugs pharmacy closes all stores to respond to cyber incident

Canadian pharmacy and retail chain London Drugs has closed all its stores temporarily as it responds to a cybersecurity incident that occurred over the weekend. The company confirmed Monday that the issue was due to a “cybersecurity incident”. The company is working with leading 3rd-party cybersecyrity experts to safely restore operations. London Drugs has yet to notify relevant authorities regarding this cyberattack, given there’s no indication that customer or employee personal or health.

Sources: Bleeping Computer, SC Media, The Register


3. NSW Data Breach May Have Impacted a Million Pub and Club Patrons

More than one million people, who visited multiple popular pubs, clubs, and restaurants across New South Wales, are at risk of identity fraud after a major data breach threatens to reveal personal information. The developers are understood to have had access to the personal details from names, phone numbers and addresses to facial recognition displays and drivers license scans. The peak body is ‘deeply concerned’ by the data breach and is now working with the affected venues and authorities.The cyberattack targeted Australian based tech company ‘Outabox’, a third-party IT provider, commonly used by hospitality venues. Club and pub patrons are advised to take extra caution when reviewing or opening links contained in emails or texts.

Sources: SKY News, Find Biometrics, Mail Online


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security

Click here for inquiries regarding the partner system of Penta Security

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Blockchain: Blockchain Security Solution

Click here for inquiries regarding the partner system of Cloudbric