Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

Bigjoe910's avatar
Bigjoe910
New member | Level 2
4 years ago
Solved

Log4j Breach

After the discovery of the security breach caused by Log4j on the weekend of December 10-12, 2021. We need to know if your software is vulnerable to this security breach.
security
  • Walter's avatar
    Walter
    4 years ago

    Hey Bigjoe910 & leksikon - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.

    We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.

    I hope this information helps!
     

jcarreon's avatar
jcarreon
Explorer | Level 3
4 years ago

Hi,

 

Do you have any update? Could you please confirm how does this affect Dropbox and/or if it has already been mitigated?

Thank you and I look forward to your response.

 

Kind Regards,

JCarreon

 

Megan's avatar
Megan
Icon for Dropbox Community Moderator rankDropbox Community Moderator
4 years ago
Happy Tuesday guys!

As mentioned, we conducted a thorough review of services and components across all Dropbox products.

We hardened all instances of log4j that were identified on Dropbox-owned platforms by applying a patch or taking other appropriate action. Our systems are functioning normally, and we have no evidence that this vulnerability was exploited.

We will continue to work with our vendors to assess the impact and remediation efforts.

So far, our vendors were either not vulnerable or had taken appropriate action. We have not seen any evidence of exploitation at our vendors. We’re still following up with a few vendors, like many other companies.

I hope this clarifies! 
  • MasterJediVuj's avatar
    MasterJediVuj
    Explorer | Level 3
    4 years ago

    Howdy, friends!

    As a follow-up to the Log4j vulnerability, our IT Security team is asking for the following specifics:

     

    1. Confirmation that Dropbox is no longer vulnerable (which is already available here in this discussion)
    2. The vulnerable version Dropbox was using
    3. The latest version Dropbox patched to (with dates)

    Any insight anyone can share is greatly appreciated.

     

    Thank you!

    • Walter's avatar
      Walter
      Icon for Dropbox Community Moderator rankDropbox Community Moderator
      4 years ago
      Hey MasterJediVuj, thanks for joining the discussion here.

      Would it be OK if we reach out via email to have a further look into your queries internally? 

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!