Dropbox discloses GitHub security breach

Phishing attack targeted multiple Dropbox employees using emails impersonating the CircleCI platform.
09 November 2022

Dropbox disclosed a security breach in which threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.

The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent.

The code accessed primarily contained API keys used by Dropbox developers.

The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors. 

Dropbox has more than 700 million registered users.

The breach resulted from a phishing attack that targeted multiple Dropbox employees with emails impersonating the CircleCI continuous integration and delivery platform and redirected them to a phishing landing page, where they were asked to enter their GitHub username and password.

On the same phishing page, the employees were also asked to use their hardware authentication key to generate a one-time password and enter it.

After stealing the Dropboxers' credentials, the attackers gained access to one of Dropbox's GitHub organizations and stole the code repositories.

Dropbox states the attackers never had access to customers' accounts, passwords, or payment information, and its core apps and infrastructure were not affected as a result of this breach.

In response to the incident, Dropbox is working on securing its entire environment using WebAuthn and hardware tokens or biometric factors.
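The shift from one-time passwords to WebAuthn is the security-relevant point of the remediation: a one-time code generated by a hardware key can still be typed into a phishing page and relayed, whereas a WebAuthn assertion is bound by the browser to the origin of the page that requested it. The simulation below is an added example written for this article; it is not Dropbox's, GitHub's or CircleCI's code. It assumes constructed hostnames (code.example as the genuine service, code-login.example as the look-alike), an RFC 4226 HOTP code as the relayable factor, and an HMAC in place of the authenticator's public-key signature so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
import os
import struct
from urllib.parse import urlparse


# ---- Part 1: HOTP (RFC 4226), the kind of one-time code a hardware key can emit.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Standard HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def service_verify_hotp(secret: bytes, counter: int, submitted: str) -> bool:
    """The service only sees the digits; it cannot tell which page the user typed them into."""
    return hmac.compare_digest(hotp(secret, counter), submitted)


# ---- Part 2: a WebAuthn-style assertion. HMAC stands in for the authenticator's
# public-key signature (a simplification so this runs on the standard library only).
class Authenticator:
    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}   # one credential per RP ID

    def register(self, rp_id: str) -> bytes:
        self.keys[rp_id] = os.urandom(32)
        return self.keys[rp_id]            # stands in for the public key the RP stores

    def get_assertion(self, rp_id: str, client_data_hash: bytes) -> tuple[bytes, bytes]:
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash || flags (UP)
        sig = hmac.new(self.keys[rp_id], auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


def _rp_id_valid_for(page_origin: str, rp_id: str) -> bool:
    host = urlparse(page_origin).hostname or ""
    return host == rp_id or host.endswith("." + rp_id)


def browser_get_assertion(auth: Authenticator, page_origin: str, rp_id: str, challenge: str):
    """The browser, not the page, writes the origin into clientDataJSON and enforces RP ID scoping."""
    if not _rp_id_valid_for(page_origin, rp_id):
        raise PermissionError(f"{rp_id!r} is not a valid RP ID for {page_origin}")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    auth_data, sig = auth.get_assertion(rp_id, hashlib.sha256(client_data).digest())
    return client_data, auth_data, sig


def rp_verify(public_key: bytes, expected_origin: str, rp_id: str, expected_challenge: str,
              client_data: bytes, auth_data: bytes, sig: bytes) -> bool:
    """Relying-party checks from the WebAuthn spec: type, challenge, origin, rpIdHash, signature."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != expected_origin:      # the check a phishing relay cannot satisfy
        return False
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False
    expected = hmac.new(public_key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def demo() -> dict:
    """Constructed scenario: a genuine service and a look-alike phishing host."""
    REAL, PHISH, RP_ID = "https://code.example", "https://code-login.example", "code.example"
    results = {}

    # OTP: the victim types the code into the phishing page, the attacker relays it, it is accepted.
    secret = b"constructed-shared-secret"
    relayed_code = hotp(secret, 7)
    results["otp_relay_accepted"] = service_verify_hotp(secret, 7, relayed_code)

    # WebAuthn: the genuine ceremony at the real origin succeeds.
    auth = Authenticator()
    pub = auth.register(RP_ID)
    challenge = "constructed-server-challenge"
    cd, ad, sig = browser_get_assertion(auth, REAL, RP_ID, challenge)
    results["webauthn_real_origin"] = rp_verify(pub, REAL, RP_ID, challenge, cd, ad, sig)

    # The phishing page cannot even request an assertion scoped to the genuine RP ID.
    try:
        browser_get_assertion(auth, PHISH, RP_ID, challenge)
        results["phish_claims_real_rp_id"] = "allowed"
    except PermissionError:
        results["phish_claims_real_rp_id"] = "blocked_by_browser"

    # The origin field sits under the signature: rewriting it after the fact breaks verification.
    forged = json.loads(cd)
    forged["origin"] = PHISH
    forged_cd = json.dumps(forged, sort_keys=True).encode()
    results["rewritten_origin"] = rp_verify(pub, PHISH, RP_ID, challenge, forged_cd, ad, sig)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running `demo()` shows the contrast directly: the relayed HOTP code verifies because nothing in it identifies where it was typed, while the WebAuthn path fails at two independent points for the look-alike host, first in the browser's RP ID scoping and then in the relying party's origin check, which is covered by the signature.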

- CyberBeat
