Unauthorised access to Dropbox data on GitHub
Dropbox has released a statement acknowledging that it was the victim of a phishing campaign, which the attacker used to gain access to code stored on GitHub. Specifically, GitHub alerted Dropbox to suspicious behaviour: a third party had impersonated CircleCI (a continuous integration and delivery platform) and gained access to the account.
In total, the attacker gained access to 130 code repositories, including thousands of names and email addresses belonging to Dropbox employees, current and former customers, sales leads and suppliers. The attacker also gained access to copies of modified third-party libraries, internal prototypes, and some tools and configuration files used by the security team.