Security News > 2022 > November > 130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information.
The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.
A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.
The attackers got in by impersonating CircleCI, a company that develops a continuous integration and continuous delivery platform used by Dropbox developers.
What's next for Dropbox after this data breach?
The Dropbox security team did not say whether the credentials were compromised in the CircleCI-branded phishing campaign spotted by GitHub on September 16, or a later one.
News URL
https://www.helpnetsecurity.com/2022/11/02/dropbox-data-breach/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)