Dropbox discloses breach after hacker stole 130 GitHub repositories

Nov 2, 2022 | News


Dropbox disclosed a security breach in which threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.

The company learned of the breach on October 14, when GitHub notified it of suspicious activity that had started one day before the alert was sent.

“To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers,” Dropbox revealed on Tuesday.

“The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users).”

The breach resulted from a phishing attack that targeted multiple Dropbox employees with emails impersonating the CircleCI continuous integration and delivery platform. The emails redirected them to a phishing landing page where they were asked to enter their GitHub username and password.

On the same phishing page, the employees were also asked to “use their hardware authentication key to pass a One Time Password (OTP).”

 

Phishing email impersonating CircleCI (BleepingComputer)


130 code repositories were stolen during the breach

 

After stealing the Dropboxers’ credentials, the attackers gained access to one of Dropbox’s GitHub organizations and stole 130 of its code repositories.

“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team,” the company added.

“Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled.”

Dropbox added that the attackers never had access to customers’ accounts, passwords, or payment information, and its core apps and infrastructure were not affected as a result of this breach.

In response to the incident, Dropbox is working on securing its entire environment using WebAuthn and hardware tokens or biometric factors.

In September, other GitHub users were also targeted in a similar attack impersonating the CircleCI platform and asking them to sign into their GitHub accounts to accept user terms and privacy policy updates to keep using the service.

“While GitHub itself was not affected, the campaign has impacted many victim organizations,” GitHub said in an advisory at the time.

GitHub said it detected content exfiltration from private repositories almost immediately after the compromise, with the threat actors using VPN or proxy services to make tracing them more difficult.


Source: bleepingcomputer.com
