Threat actors gained access to the GitHub repositories of Dropbox by using the stolen credentials of a Dropbox employee.
One day before the breach that took place on October 14, GitHub notified Dropbox of suspicious activity.
Dropbox Data Breach
The data accessed by the threat actors included the following, some of which is mainly used by developers:
- API keys
- Names of Dropbox employees
- Email addresses of Dropbox employees
- Current customers
- Past customers
- Sales leads
Apart from this, Dropbox now has over 700 million registered users. In this case, Dropbox employees were targeted by a phishing attack, which resulted in a successful breach.
The threat actors posed as CircleCI, sending emails that impersonated the platform to entice victims into entering their GitHub username and password on a phishing landing page, in order to gain access to their data.
Additionally, the employees were asked to use their hardware authentication keys to pass the one-time password (OTP) step on the same phishing page.
GitHub spotted an ongoing phishing campaign targeting its users in September 2022. It warned at the time that attackers impersonating the CircleCI DevOps platform were targeting users’ 2FA codes and credentials in this malicious campaign.
As of September 16, the company had found that many victim organizations, with the exception of GitHub itself, had been affected by the phishing campaign.
Dropbox revealed that the threat actors had compromised one of its GitHub organizations and, after stealing the Dropboxers’ credentials, accessed 130 of Dropbox’s code repositories.
“The issue was quickly resolved and no one’s content, passwords, or payment information was exposed as a result of this incident. In addition to our core applications and infrastructure, we have also ensured that access to this code was limited to the most strict guidelines, which allows for its strict control,” Dropbox stated in a press release.
Moreover, as part of its security initiatives, Dropbox is working on utilizing WebAuthn, hardware tokens, and biometric factors in order to secure the entire environment.
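Why the OTP step described above did not stop the phishing page while WebAuthn would, as an added example that is not from Dropbox or the original article: a time-based OTP check has no input saying which site the code was typed into, whereas a WebAuthn assertion carries the origin the browser actually saw. The RP ID, origin, secret and sample assertions are constructed assumptions, and the signature over the assertion is assumed to have been verified separately.

```python
import base64, hashlib, hmac, json, struct

# Constructed values for illustration; none come from the incident.
RP_ID = "login.example.com"                      # hypothetical relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"    # hypothetical legitimate origin
TOTP_SECRET = b"constructed-demo-secret"

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_otp(code: str, unix_time: int) -> bool:
    """Server-side OTP check: nothing here identifies the page the user typed into."""
    return hmac.compare_digest(code, totp(TOTP_SECRET, unix_time))

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes, challenge: bytes) -> str:
    """Origin-related steps of WebAuthn assertion verification.
    Assumes the signature over authenticator_data + SHA-256(client_data_json)
    was already verified with the user's registered public key."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "reject: wrong type"
    if client.get("challenge") != b64url(challenge):
        return "reject: challenge mismatch"
    if client.get("origin") != EXPECTED_ORIGIN:      # origin is written by the browser
        return "reject: origin mismatch"
    if len(authenticator_data) < 37:
        return "reject: short authenticatorData"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:            # UP (user present) flag
        return "reject: user not present"
    return "accept"

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Build the fields a browser and authenticator would produce (constructed sample)."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data
```

An assertion built with `sample_assertion` for a look-alike origin is rejected by `check_assertion`, while `verify_otp` accepts any currently valid code wherever it was collected.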