Security News > 2022 > November > Dropbox admits 130 of its private GitHub repos were copied after phishing attack
Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.
GitHub let Dropbox know the next day, and the cloud storage outfit investigated.
Interestingly, just three weeks before the attack, GitHub warned of phishing campaigns that involved impersonation of CircleCI. Dropbox appears not to have got the memo, because in early October its staff were sent and one or more bods fell for emails that masqueraded as legit CircleCI messages.
"These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password to the malicious site," Dropbox's explanation states.
Dropbox doesn't appear unduly worried by the incident because the repos "Included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team."
Dropbox also said the intruder's access to the GitHub repo silo was revoked on October 14, and that the cloud storage biz has since rotated all developer API credentials that the intruder had access to.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/11/01/dropbox_phishing_code_leak/
Related news
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- GoIssue phishing tool targets GitHub developer credentials (source)