Security News > 2022 > November > Dropbox discloses breach after hacker stole 130 GitHub repositories
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.
"To date, our investigation has found that the code accessed by this threat actor contained some credentials-primarily, API keys-used by Dropbox developers," Dropbox revealed on Tuesday.
The successful breach resulted from a phishing attack that targeted multiple Dropbox employees using emails impersonating the CircleCI continuous integration and delivery platform and redirecting them to a phishing landing page where they were asked to enter their GitHub username and password.
After stealing the Dropboxers' credentials, the attackers gained access to one of Dropbox's GitHub organizations and stole 130 of its code repositories.
"These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company added.
"While GitHub itself was not affected, the campaign has impacted many victim organizations," GitHub said in an advisory at the time.
News URL
Related news
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)
- Lazarus hackers breach six companies in watering hole attacks (source)