Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Dropbox Sign Breach Exposes User Data: Investigation and Response Underway

Dropbox, the cloud storage services provider, disclosed a significant breach affecting its digital signature service, Dropbox Sign (formerly known as HelloSign). This breach, discovered on April 24, 2024, resulted in unauthorized access by unidentified threat actors to user emails, usernames, and general account settings associated with all users of the digital signature product. Additionally, for certain subsets of users, the attackers accessed phone numbers, hashed passwords, and authentication information such as API keys, OAuth tokens, and multi-factor authentication details.

The breach extends its impact beyond just Dropbox Sign users, as third parties who received or signed documents through Dropbox Sign but didn't create accounts themselves have also been affected, exposing their names and email addresses. Despite the severity of the breach, the investigation conducted so far has not found evidence suggesting that the attackers accessed the contents of users' accounts, including agreements, templates, or payment information.

The breach is reported to be confined to the infrastructure of Dropbox Sign, with no indication of intrusion into other Dropbox services. The attackers exploited a service account within the Dropbox Sign backend, leveraging its elevated privileges to access the customer database.

In response to the breach, Dropbox has taken immediate security measures, including resetting users' passwords, logging them out of connected devices, and coordinating the rotation of all API keys and OAuth tokens. Furthermore, the company cooperates with law enforcement and regulatory authorities to comprehensively address the breach.

Despite these efforts, the breach marks the second such incident targeting Dropbox within two years. In November 2022, the company disclosed a phishing campaign granting unauthorized access to 130 source code repositories on GitHub. The recurrence of security breaches underscores the ongoing challenges tech companies face in safeguarding user data and infrastructure integrity.


Source: https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html


Caitlin Joyce (CaitlinG) Galanza | News
Created: May 08 2024 | Updated: on 5/8/24
Comments


  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi