
Dropbox is the one place to keep life organized and keep work moving. With more than 700 million registered users across 180 countries, we're on a mission to design a more enlightened way of working. To learn more about working at Dropbox, visit jobs.dropbox.com. We also have a few simple guidelines to keep this space respectful and productive. Please avoid: - Harassing other people or using language that’s hateful, offensive, vulgar, or advocates violence - Trolling, fraud and spamming - Violating someone else’s rights or privacy - Advertising or soliciting donations - Link baiting - Posting off topic comments or thread hijacking We may remove comments that violate these guidelines.

Dropbox A.I CyberSecurity Scoring

Dropbox

Company Details

Linkedin ID: dropbox

Employees number: 3,971

Number of followers: 504,765

NAICS: 5112

Industry Type: Software Development

Homepage: dropbox.com

IP Addresses: 0

Company ID: DRO_6274250

Scan Status: In-progress

Dropbox Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
Dropbox Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Dropbox Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 1
Dropbox
Breach
Severity: 60
Impact: 3
Seen: 10/2016
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: The Evony gaming company's website and forum were breached, exposing the personal information of 33 million players. A second hack of the website occurred two months later, this time targeting the Evony forum and exposing the personal information of 938,000 registered users. Among other internal data fields, each record has an IP address, password, email address, and username. Whenever a user appears in a breach, they can now receive notifications. Because the passwords were stored as unsalted MD5 and SHA-1 (Secure Hash Algorithm 1) hashes, attackers can easily crack them.

Dropbox
Breach
Severity: 100
Impact: 5
Seen: 6/2012
Rankiteo Explanation: Attack threatening the organization’s existence

Description: A Dropbox data breach is forcing the company to reset login credentials for users who were part of an online data dump. Dropbox has acknowledged the 2012 data breach and informed users that they could be required to reset their passwords as a result of the incident. Motherboard, which was able to get portions of the compromised collection, reports that the contents include hashed passwords and email addresses belonging to Dropbox customers. The data is authentic, according to a Dropbox staff member who spoke on condition of anonymity.

Dropbox
Breach
Severity: 100
Impact: 5
Seen: 11/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: Dropbox experienced a security breach. The threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The attackers breached the account on October 14. The code accessed by this threat actor contained some credentials, primarily API keys used by Dropbox developers. The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors. On the same phishing page, the employees were asked to enter their GitHub username and password and to use their hardware authentication key to pass a One Time Password (OTP). The stolen repositories did not include code for Dropbox's core apps or infrastructure. The attackers never had access to customers' accounts, passwords, or payment information, and Dropbox's core apps and infrastructure were not affected as a result of this breach.


Underwriter Stats for Dropbox

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Dropbox in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Dropbox in 2025.

Incident Types Dropbox vs Software Development Industry Avg (This Year)

No incidents recorded for Dropbox in 2025.

Incident History — Dropbox (X = Date, Y = Severity)

Dropbox cyber incidents detection timeline including parent company and subsidiaries


Dropbox Similar Companies

Daraz

Daraz is the leading e-commerce marketplace across South Asia (excluding India). Our business covers four key areas – e-commerce, logistics, payment infrastructure and financial services – providing our sellers and customers with an end-to-end commerce solution. With access to over 500 million custo

Lazada

About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the regio

Cadence

Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semic

Rakuten

Rakuten Group, Inc. (TSE: 4755) is a global technology leader in services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to 2 billion m

Trimble Inc.

Trimble is a global technology company that connects the physical and digital worlds, transforming the ways work gets done. With relentless innovation in precise positioning, modeling and data analytics, Trimble enables essential industries including construction, geospatial and transportation. Whet

VMware by Broadcom delivers software that unifies and streamlines hybrid cloud environments for the world’s most complex organizations. By combining public-cloud scale and agility with private-cloud security and performance, we empower our customers to modernize, optimize and protect their apps an

GlobalLogic

GlobalLogic, a Hitachi Group company, is a trusted partner in design, data, and digital engineering for the world’s largest and most innovative companies. Since our inception in 2000, we have been at the forefront of the digital revolution, helping to create some of the most widely used digital prod

Instagram

More than one billion people around the world use Instagram, and we’re proud to be bringing them closer to the people and things they love. Instagram inspires people to see the world differently, discover new interests, and express themselves. Since launching in 2010, our community has grown at a r

[24]7.ai

[24]7.ai™ customer engagement solutions use conversational artificial intelligence to understand customer intent, enabling companies to create personalized, predictive, and effortless customer experiences across all channels; attract and retain customers; boost agent productivity and satisfaction; a


Dropbox CyberSecurity News

October 03, 2025 07:00 AM
Cybersecurity firm Oneleet bags $33m Series A

Cybersecurity firm Oneleet secures $33m Series A led by Dawn Capital. Discover how it aims to end compliance theatre—read more now.

August 20, 2025 07:00 AM
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean Hackers Used GitHub and Cloud Services in Espionage Campaign Against Diplomats, While IT Workers Exploited AI to Infiltrate...

July 30, 2025 07:00 AM
Dropbox Passwords Warning — You Have Until October 28 To Save Yours

Dropbox Passwords will cease October 28 — act now to save your credentials.

July 22, 2025 07:00 AM
Facebook is forgotten, Tinder sits idle, and Pandora rots - your unused accounts are turning into digital time bombs

Millions still have "zombie accounts" on apps they forgot existed.

July 06, 2025 07:00 AM
Ingram Micro confirms ransomware behind multi-day outage

Ingram Micro, one of the world's largest distributors, has confirmed it is trying to restore systems following a ransomware attack.

June 27, 2025 01:55 PM
Dropbox Suffers Security Breach

Popular cloud-storage service, Dropbox, suffered a security breach recently when hackers absconded with users' email addresses and passwords linked to their...

June 19, 2025 07:00 AM
Dropbox Security 2025 [Recent Data Breaches & Alternatives]

Dropbox is no stranger to data leaks. We take a look at Dropbox security to determine the positives and potential negatives.

May 13, 2025 07:00 AM
South Korean researchers uncover another cyber-espionage campaign from the North

A hacker group known as APT37 has launched a new espionage campaign against organizations in South Korea with interests in national security, researchers have...

May 09, 2025 07:00 AM
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Brazil-targeted phishing abuses RMM trialware via NF-e lures + Dropbox links, enabling stealth access.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Dropbox CyberSecurity History Information

Official Website of Dropbox

The official website of Dropbox is http://www.dropbox.com.

Dropbox’s AI-Generated Cybersecurity Score

According to Rankiteo, Dropbox’s AI-generated cybersecurity score is 732, reflecting their Moderate security posture.

How many security badges does Dropbox have?

According to Rankiteo, Dropbox currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Dropbox have SOC 2 Type 1 certification ?

According to Rankiteo, Dropbox is not certified under SOC 2 Type 1.

Does Dropbox have SOC 2 Type 2 certification ?

According to Rankiteo, Dropbox does not hold a SOC 2 Type 2 certification.

Does Dropbox comply with GDPR ?

According to Rankiteo, Dropbox is not listed as GDPR compliant.

Does Dropbox have PCI DSS certification ?

According to Rankiteo, Dropbox does not currently maintain PCI DSS compliance.

Does Dropbox comply with HIPAA ?

According to Rankiteo, Dropbox is not compliant with HIPAA regulations.

Does Dropbox have ISO 27001 certification ?

According to Rankiteo, Dropbox is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Dropbox

Dropbox operates primarily in the Software Development industry.

Number of Employees at Dropbox

Dropbox employs approximately 3,971 people worldwide.

Subsidiaries Owned by Dropbox

Dropbox presently has no subsidiaries across any sectors.

Dropbox’s LinkedIn Followers

Dropbox’s official LinkedIn profile has approximately 504,765 followers.

NAICS Classification of Dropbox

Dropbox is classified under the NAICS code 5112, which corresponds to Software Publishers.

Dropbox’s Presence on Crunchbase

Yes, Dropbox has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/dropbox.

Dropbox’s Presence on LinkedIn

Yes, Dropbox maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/dropbox.

Cybersecurity Incidents Involving Dropbox

As of December 15, 2025, Rankiteo reports that Dropbox has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Dropbox has an estimated 27,702 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Dropbox ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Dropbox detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures, namely resetting login credentials.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach, Phishing

Title: Dropbox Security Breach

Description: Dropbox experienced a security breach where threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.

Date Detected: 2023-10-14

Type: Data Breach, Phishing

Attack Vector: Phishing, Credential Theft

Vulnerability Exploited: Employee credentials

Motivation: Data Theft

Incident : Data Breach

Title: Dropbox Data Breach

Description: Dropbox acknowledged a 2012 data breach, forcing a reset of login credentials for users whose data was part of an online data dump.

Type: Data Breach

Incident : Data Breach

Title: Evony Gaming Data Breach

Description: The Evony gaming company's website and forum were breached, exposing the personal information of 33 million players. A second hack occurred two months later, targeting the Evony forum and exposing the personal information of 938,000 registered users.

Type: Data Breach

Attack Vector: Website, Forum

Vulnerability Exploited: Weak password encryption (unsalted MD5 and SHA-1)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through GitHub account.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach, Phishing DRO121021122

Data Compromised: API keys, Employee names and email addresses, Customer names and email addresses, Sales leads, Vendor information

Systems Affected: GitHub account

Incident : Data Breach DRO2158291023

Data Compromised: Hashed passwords, Email addresses

Incident : Data Breach DRO202051123

Data Compromised: IP address, Password, Email address, Username

Systems Affected: Website, Forum

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are API Keys, Employee Names And Email Addresses, Customer Names And Email Addresses, Sales Leads, Vendor Information, Hashed Passwords, Email Addresses, IP Address, Password, Email Address and Username.

Which entities were affected by each incident ?

Incident : Data Breach, Phishing DRO121021122

Entity Name: Dropbox

Entity Type: Organization

Industry: Cloud Storage

Incident : Data Breach DRO2158291023

Entity Name: Dropbox

Entity Type: Company

Industry: Cloud Storage

Incident : Data Breach DRO202051123

Entity Name: Evony

Entity Type: Gaming Company

Industry: Gaming

Customers Affected: 33 million players, 938,000 registered users

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach DRO2158291023

Remediation Measures: reset login credentials

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach, Phishing DRO121021122

Type of Data Compromised: API keys, Employee names and email addresses, Customer names and email addresses, Sales leads, Vendor information

Number of Records Exposed: A few thousand

Sensitivity of Data: Medium

Personally Identifiable Information: Names, Email addresses

Incident : Data Breach DRO2158291023

Type of Data Compromised: Hashed passwords, Email addresses

Incident : Data Breach DRO202051123

Type of Data Compromised: IP address, Password, Email address, Username

Number of Records Exposed: 33 million, 938,000

Sensitivity of Data: High

Data Encryption: Weak (unsalted MD5 and SHA-1)

Personally Identifiable Information: IP address, email address, username

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: reset login credentials.

References

Where can I find more information about each incident ?

Incident : Data Breach DRO2158291023

Source: Motherboard

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following source: Motherboard.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach, Phishing DRO121021122

Entry Point: GitHub account

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach, Phishing DRO121021122

Root Causes: Phishing attack leading to credential theft

Incident : Data Breach DRO202051123

Root Causes: Weak password encryption (unsalted MD5 and SHA-1)

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-10-14.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were API keys, Employee names and email addresses, Customer names and email addresses, Sales leads, Vendor information, hashed passwords, email addresses, IP address, password, email address and username.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were the GitHub account and the website and forum.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email addresses, hashed passwords, email address, Sales leads, IP address, API keys, password, username, Customer names and email addresses, Employee names and email addresses and Vendor information.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 33.9M.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Motherboard.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a GitHub account.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Phishing attack leading to credential theft, Weak password encryption (unsalted MD5 and SHA-1).


Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dropbox' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident, Finding, Grade, Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.