November 2, 2022

Dropbox has confirmed a data leak that gave attackers access to one of the company’s GitHub accounts using stolen employee data.

Dropbox is a file hosting service that provides cloud storage, file synchronization, personal cloud and client software.

“To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers. The code and the surrounding data also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users),” said Dropbox.

The breach was made possible after attackers targeted several Dropbox employees in a phishing attack. The phishing email pretended to be the CircleCI continuous integration and delivery platform, redirecting employees to a phishing landing page, where they were asked to enter their GitHub username and password. The employees on the same phishing page, were asked to “use their hardware authentication key to pass a One Time Password (OTP).”

After a successful phishing attack and the theft of credentials, the hackers gained access to one of Dropbox’s GitHub accounts and stole 130 of their code repositories.

Dropbox said the attackers did not have access to customer accounts, passwords or payment information, and the main apps, information and infrastructure were not affected by the breach.

The sources for this piece include an article in BleepingComputer.