• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Dropbox Suffers Breach, 130 GitHub Repositories Compromised

You are here: Home / General Cyber Security News / Dropbox Suffers Breach, 130 GitHub Repositories Compromised
November 2, 2022

Dropbox disclosed on Tuesday that it suffered a information breach involving danger actors stealing code from 130 repositories immediately after attaining obtain to a GitHub account utilizing worker qualifications attained in a phishing attack.

The cloud huge reported it identified the breach on October 14 when GitHub notified it of suspicious action that begun the past working day. 

“In early Oct, numerous Dropboxers been given phishing e-mail impersonating CircleCI, with the intent of targeting our GitHub accounts (a man or woman can use their GitHub credentials to log in to CircleCI).”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The firm additional that while its systems routinely quarantined some of these e-mails, many others landed in Dropboxers’ inboxes. 

“These authentic-seeking emails directed staff to check out a bogus CircleCI login webpage, enter their GitHub username and password, and then use their hardware authentication crucial to move a A person-Time Password (OTP) to the destructive site.” 

This at some point succeeded, giving the danger actor entry to just one of Dropbox’s GitHub companies, where by they proceeded to duplicate 130 of their code repositories. 

Dropbox believes the menace actors at the rear of the attack are the exact that specific GitHub consumers in September by impersonating the code integration and shipping system CircleCI, which Dropbox also utilizes for pick inside deployments.

“At no stage did this danger actor have accessibility to the contents of anyone’s Dropbox account, their password, or their payment details,” the business clarified.

“To day, our investigation has identified that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers.”

In addition, the stolen code and the information close to it also incorporated “a few thousand” names and email addresses belonging to Dropbox employees, existing and previous customers, product sales leads and sellers.

“We think the risk to prospects is minimal,” Dropbox wrote. “Because we choose our determination to security, privacy, and transparency very seriously, we have notified these influenced.”

The information breach arrives months just after Paolo Passeri, cyber intelligence principal at Netskope, highlighted the part of cloud services in the hybrid war in Ukraine.


Some pieces of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «multiple vulnerabilities reported in checkmk it infrastructure monitoring software Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
Next Post: Android Apps With a Million Downloads Led Users to Phishing Sites Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.