Dropbox confirms 130 of its GitHub repositories were stolen in a phishing campaign

Dropbox, a file hosting service owned by the American company Dropbox, Inc., revealed that threat actors successfully targeted and accessed 130 of its GitHub repositories via a phishing attack.

The attack took place on October 13, 2022, when crooks posed as the code integration and delivery platform CircleCI to access one of Dropbox’s GitHub accounts. Dropbox uses these to host public and some private repositories. Just about two months ago, GitHub already warned that its users were receiving phishing emails impersonating CircleCI.

Threat actors now again posed as CircleCI in phishing emails sent to multiple Dropbox employees, requesting them to visit a fake CircleCI login page, enter their GitHub credentials, and provide a one-time password to the site.

“While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes,” Dropbox’s team explains.

As a result, cybercriminals successfully accessed one of Dropbox’s GitHub organizations and copied 130 of its code repositories. These stored modified copies of third-party libraries, internal prototypes, and some security tools and configuration files.

According to the security team’s press release, the incident did not affect its core infrastructure, as well as content, passwords, or payment information of Dropbox users.

“We believe the risk to customers is minimal,” Dropbox’s team says.

However, cybercriminals did manage to access certain credentials – primarily API keys used by Dropbox developers. Its code included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.

Following the attack, Dropbox’s team hired forensic experts to confirm whether their findings and analysis were indeed true.

More from Cybernews:

Thomson Reuters collected and leaked at least 3TB of sensitive data

​​Fast Company hackers sent obscene Apple News push

Disneyland's Instagram hacked to display racist and homophobic slurs

Azure developers targeted in a large supply chain attack

Has Kaseya dealt with cyberattack better than SolarWinds?

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked