Security News > 2022 > November > 130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information.
The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.
A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.
The attackers got in by impersonating CircleCI, a company that develops a continuous integration and continuous delivery platform used by Dropbox developers.
What's next for Dropbox after this data breach?
The Dropbox security team did not say whether the credentials were compromised in the CircleCI-branded phishing campaign spotted by GitHub on September 16, or a later one.
News URL
https://www.helpnetsecurity.com/2022/11/02/dropbox-data-breach/
Related news
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)