Security News > 2022 > November > 130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information.
The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.
A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.
The attackers got in by impersonating CircleCI, a company that develops a continuous integration and continuous delivery platform used by Dropbox developers.
What's next for Dropbox after this data breach?
The Dropbox security team did not say whether the credentials were compromised in the CircleCI-branded phishing campaign spotted by GitHub on September 16, or a later one.
News URL
https://www.helpnetsecurity.com/2022/11/02/dropbox-data-breach/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)