The online storage giant Dropbox is the victim of a major data leak: cybercriminals managed to recover an employee’s login credentials using phishing and they were able to recover the content of 130 GitHub code repositories!
It’s a alert issued by GitHub on October 14, 2022 who tipped off the Dropbox teams! Indeed, GitHub detected suspicious activity on some repositories, which generated this alert 1 day later. During this time, the cybercriminals were able to access the contents of several repositories as indicated Dropbox in its security bulletin : “We were recently the target of a phishing campaign that gained access to some of the code we store on GitHub.“
To gain access to a Dropbox employee’s account, cybercriminals used a phishing campaign. A great classic. This campaign aimed at Dropbox employees usurped the identity of the CircleCI solution, redirecting them to a fake GitHub page where the user had to enter their credentials (username + password), as well as their one-time code necessary for multi-factor authentication. Unfortunately, one of them fell into the trap.
What does this data leak contain?
Even though the cybercriminals did not gain access to Dropbox’s core infrastructure and the company considers the risk to its customers to be low, there was still a data leak. First, Dropbox says: “Our investigation to date has revealed that the code accessed by this attacker contained credentials – primarily API keys – used by Dropbox developers..”
Then, the American company admits all the same that the cybercriminals were able to access “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, prospects and salespeople (for your information, Dropbox has over 700 million registered users).“
Regarding the contents of these 130 repositories on GitHub, Dropbox indicates that they “copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team“. The code of the Dropbox solution itself would not be affected by this data leak. They also did not have access to customer payment information, passwords and data.
Finally, Dropbox says that additional security measures will be put in place to prevent this type of incident from happening again.
#Data #leak #Dropbox #happened