Compromised GitHub repositories led to a Dropbox breach

November 15, 2022

Dropbox has disclosed a security breach in which threat actors stole 130 code repositories from one of its employees’ GitHub accounts following a phishing attack. The file-hosting firm’s security team detected the breach on October 14, when GitHub sent an alert one day after the initial attack.

According to Dropbox’s statement, its investigation showed that the code accessed by the hackers contained credentials, such as API keys, and sensitive data, including employee names and email addresses, information on past and current customers, sales leads, and vendors.

A phishing attack on employees instigated the Dropbox breach.

Dropbox’s employees were initially targeted by a phishing attack in which threat actors impersonated the CircleCI continuous integration tool. The attack directed the victimised employees to a phishing page where they entered their GitHub credentials, resulting in a successful breach of their Dropbox account.

The phishing page also asked Dropbox employees to use their hardware authentication key to provide an OTP (one-time password). These stolen credentials allowed the hackers to access Dropbox’s code on GitHub and steal 130 repositories.

The file-hosting firm’s statement added that the compromised repositories contained copies of third-party libraries modified for its own use, internal prototypes, and tools and configuration files from its IT team.

Nonetheless, Dropbox underlines that the compromised repositories did not include code for its core applications and infrastructure. Threat actors could not steal that code because those repositories are more strictly controlled, with limited access.

Also safe from hackers were customers’ accounts, passwords, and payment information.

Dropbox explained that it is working to make its environment more secure, for example by adopting the WebAuthn API with hardware tokens or biometric factors. The file-hosting firm also apologised to all the affected individuals and committed to preventing similar incidents from recurring.

The firm asked users who notice suspicious behaviour on their Dropbox accounts to report it immediately so that proper mitigation measures can be implemented.
