Security News > 2022 > November > 130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information.
The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.
A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.
The attackers got in by impersonating CircleCI, a company that develops a continuous integration and continuous delivery platform used by Dropbox developers.
What's next for Dropbox after this data breach?
The Dropbox security team did not say whether the credentials were compromised in the CircleCI-branded phishing campaign spotted by GitHub on September 16, or a later one.
News URL
https://www.helpnetsecurity.com/2022/11/02/dropbox-data-breach/
Related news
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)