Thursday, December 1, 2022

Dropbox Data Breach: How Hackers Stole GitHub Repositories


Ameya Hivarkar
An 18-year-old, Ameya is interested in learning new things ranging from gaming to technology. He is passionate about keeping you all updated with his knowledge of new gaming trends and technology globally. He is currently contributing to BLARROW as a Content Writer.

Dropbox has disclosed a security breach caused by a phishing attack, in which unauthorized hackers stole around 130 of its code repositories on GitHub.

The company discovered the breach on October 14, 2022, when it was notified of suspicious activity that had started one day earlier and triggered an alert. A bad actor posed as the code integration and delivery platform CircleCI to obtain employees’ login information and authentication codes, and used them to access Dropbox’s account on the code repository site GitHub. CircleCI login information can be used to access GitHub.

In an advisory, the company said, “These repositories had our own copies of third-party libraries that had been slightly changed so that Dropbox could use them, as well as internal prototypes and some tools and configuration files used by the security team.”

The breach resulted in access to API keys used by developers. Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords, or payment information. Instead, the hacker was able to access a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors. The company said the risk to those who had their information accessed in the breach was “minimal,” but it has contacted all those affected.

The phishing site used by the hackers relayed time-based one-time password (TOTP) two-factor authentication codes, which helped the hackers gain access to the accounts that were protected by two-factor authentication, while the accounts protected by hardware security keys were not vulnerable to this attack.

Through the attack, the threat actor was able to access and download multiple private code repositories. The attacker was also able to use techniques to retain access to the account even if the compromised user or organization changed their password.
