diff --git a/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java b/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java
index a09485a21..5f490ddd4 100644
--- a/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java
+++ b/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java
@@ -3,7 +3,7 @@
 import com.box.sdk.internal.pool.MacPool;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
-import java.util.Arrays;
+import java.security.MessageDigest;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.Map;
@@ -127,7 +127,7 @@ private boolean verify(String key, BoxSignatureAlgorithm actualAlgorithm, String
 byte[] actual = Base64.decode(actualSignature);
 byte[] expected = this.signRaw(actualAlgorithm, key, webHookPayload, deliveryTimestamp);
- return Arrays.equals(expected, actual);
+ return MessageDigest.isEqual(expected, actual);
 }
 /**
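Review bot: The new `return MessageDigest.isEqual(expected, actual);` line carries no comment saying that the constant-time call is deliberate, so a later cleanup could swap it back to `Arrays.equals` without anyone noticing the regression. I would add `// Constant-time compare: Arrays.equals stops at the first differing byte, which leaks how much of the signature matched.` directly above it. It is also worth confirming, outside this hunk, that `signRaw` and `Base64.decode` never return null, because `isEqual` treats two null arrays as equal. The body of `verify` starts before the hunk, so any earlier null check on `key` or `actualSignature` is not visible here.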