Security News > 2022 > November > 130 Dropbox code repos plundered after successful phishing attack

130 Dropbox code repos plundered after successful phishing attack
2022-11-02 12:41

Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information.

The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.

A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.

The attackers got in by impersonating CircleCI, a company that develops a continuous integration and continuous delivery platform used by Dropbox developers.

What's next for Dropbox after this data breach?

The Dropbox security team did not say whether the credentials were compromised in the CircleCI-branded phishing campaign spotted by GitHub on September 16, or a later one.


News URL

https://www.helpnetsecurity.com/2022/11/02/dropbox-data-breach/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dropbox 5 3 9 0 2 14