Dropbox disclosed on Tuesday that it suffered a information breach involving danger actors stealing code from 130 repositories immediately after attaining obtain to a GitHub account utilizing worker qualifications attained in a phishing attack.
The cloud huge reported it identified the breach on October 14 when GitHub notified it of suspicious action that begun the past working day.
“In early Oct, numerous Dropboxers been given phishing e-mail impersonating CircleCI, with the intent of targeting our GitHub accounts (a man or woman can use their GitHub credentials to log in to CircleCI).”
The firm additional that while its systems routinely quarantined some of these e-mails, many others landed in Dropboxers’ inboxes.
“These authentic-seeking emails directed staff to check out a bogus CircleCI login webpage, enter their GitHub username and password, and then use their hardware authentication crucial to move a A person-Time Password (OTP) to the destructive site.”
This at some point succeeded, giving the danger actor entry to just one of Dropbox’s GitHub companies, where by they proceeded to duplicate 130 of their code repositories.
Dropbox believes the menace actors at the rear of the attack are the exact that specific GitHub consumers in September by impersonating the code integration and shipping system CircleCI, which Dropbox also utilizes for pick inside deployments.
“At no stage did this danger actor have accessibility to the contents of anyone’s Dropbox account, their password, or their payment details,” the business clarified.
“To day, our investigation has identified that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers.”
In addition, the stolen code and the information close to it also incorporated “a few thousand” names and email addresses belonging to Dropbox employees, existing and previous customers, product sales leads and sellers.
“We think the risk to prospects is minimal,” Dropbox wrote. “Because we choose our determination to security, privacy, and transparency very seriously, we have notified these influenced.”
The information breach arrives months just after Paolo Passeri, cyber intelligence principal at Netskope, highlighted the part of cloud services in the hybrid war in Ukraine.
Some pieces of this short article are sourced from: