by dml2135 776 days ago
This is Dropbox Sign, not Dropbox. It’s a document signing product akin to Docusign, and was called Hellosign before Dropbox acquired them.

We are a customer of theirs at my startup, and as far as I can tell Dropbox has made very few changes since the acquisition beyond changing the branding. So I wouldn’t take this incident to be an indicator of much on the cloud-storage side of the company.

3 comments

Acquired in 2022? IMO that's enough time to bring their service up to the same security standard as the rest of their services, assuming it's a priority.

Google and others normally have a 6-month grace period for bug bounty reports in acquisitions.

> that's enough time to bring their service up to the same security standard

If you can get competent people to work for you while keeping Wall Street happy, sure, but there are much "cooler" companies across the street that Wall Street is more excited about, are hiring right now, and the competent folk are going there.

At the end of this extreme are Equifax-like companies that have leaks and lots of other issues. Before you ask why Equifax sucks so much, ask yourself: Would you work there? No? That's why they continue to suck.

While Dropbox isn't Equifax, it isn't OpenAI or NVIDIA right now.

I worked at Equifax.

Just sort of ended up there when the fun startup I was at got acquired by them. I soon burnt out and checked out mentally and eventually they noticed and we parted ways.

I just wish I had had the wisdom to get myself out before I burnt out. Looking back, it was a slowly-boil-the-frog type of situation.

Yeah, after nearly 2 years it probably isn't a credible excuse in any way.

We’ve been with Hellosign for years and Dropbox has done a great job of stabilizing them. I will tell you that they have put in a ton of ops work to keep the platform up more consistently.

True, they have been more stable since the acquisition now that you mention it.

Our implementation of their API was a bit of a mess so it can be hard to see through our own crap sometimes to give credit where it's due haha.

It should also be a reminder for Dropbox that acquiring a product, then allowing it to languish, risking security vulnerabilities, will, appropriately, have negative brand perception implications that affect your main product too.