Dropbox has disclosed a security breach in which attackers used a phishing attack to steal around 130 of its code repositories on GitHub.
The company discovered the breach on October 14, 2022, when it was alerted to suspicious activity that had started one day earlier. A bad actor posed as the code integration and delivery platform CircleCI to get employees’ login information and authentication codes and access Dropbox’s account on the code repository site GitHub. CircleCI login information can be used to access GitHub.
In an advisory, the company said, “These repositories had our own copies of third-party libraries that had been slightly changed so that Dropbox could use them, as well as internal prototypes and some tools and configuration files used by the security team.”
The breach resulted in access to API keys used by developers. Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords, or payment information. Instead, the hacker was able to access a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors. The company said the risk to those who had their information accessed in the breach was “minimal,” but it has contacted all those affected.
The phishing site used by the hackers relayed time-based one-time password (TOTP) two-factor authentication codes, which helped the hacker gain access to the accounts that were protected by two-factor authentication, while the accounts protected by hardware security keys were not vulnerable to this attack.
Through the attack, the bad guy was able to get into and download multiple private code repositories. The attacker was also able to use techniques to keep access to the account even if the user or organization that had been attacked changed their password.
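Why relayed TOTP codes were accepted while hardware security keys held up, as an added example (not code from Dropbox's advisory or this article): a TOTP code verifies the same wherever the user typed it, whereas a security-key response covers the origin the browser was actually on. The origins, keys and the HMAC used as a stand-in for the key's public-key signature are constructed assumptions.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, now: int) -> bool:
    # Nothing in the code records which site the user entered it on.
    return hmac.compare_digest(totp(secret, now), code)

def key_assertion(device_key: bytes, challenge: str, origin: str) -> dict:
    """Simplified security-key response: the browser records the origin it is
    really on and the key signs over it. HMAC stands in for the public-key
    signature a real authenticator produces (assumption for this example)."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    sig = hmac.new(device_key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def verify_assertion(device_key: bytes, assertion: dict, challenge: str, expected_origin: str) -> bool:
    # Server side: check the signature, then the challenge and the signed origin.
    good = hmac.new(device_key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, assertion["sig"]):
        return False
    data = json.loads(assertion["client_data"])
    return data["challenge"] == challenge and data["origin"] == expected_origin

# Constructed sample values (not from the incident)
SECRET = b"12345678901234567890"        # RFC 6238 test secret
DEVICE_KEY = b"constructed-device-key"
REAL = "https://ci.example"
LOOKALIKE = "https://ci-login.example"
NOW = 59

def demo():
    code = totp(SECRET, NOW)             # same digits whatever page is open
    totp_ok = verify_totp(SECRET, code, NOW)
    on_lookalike = key_assertion(DEVICE_KEY, "chal-1", LOOKALIKE)
    on_real = key_assertion(DEVICE_KEY, "chal-1", REAL)
    return (totp_ok,
            verify_assertion(DEVICE_KEY, on_lookalike, "chal-1", REAL),
            verify_assertion(DEVICE_KEY, on_real, "chal-1", REAL))

if __name__ == "__main__":
    print(demo())
```

The second value in the result is the security-key response produced on the look-alike origin; the real service rejects it because the signed origin does not match its own.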