The file hosting platform Dropbox has revealed that they were recently the target of a phishing attack that saw hackers successfully steal some of the code that they stored on Github. However, they were also quick to state that no content, passwords or payment information were compromised, and that the issue they encountered was resolved quickly.
According to Dropbox, they were alerted by Github on 14 October that they noticed some suspicious behaviour happening. They then checked it out for themselves and saw that a threat actor that was also pretending to be CircleCI, another software company, had gained access to one of their Github accounts. This threat actor then managed to access some code and API keys used by Dropbox developers, along with some data that includes a few thousand names and email addresses of Dropbox employees, current and past users, sales leads and vendors.
“We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal,” – Dropbox
Once they realised that their Github accounts were compromised, Dropbox’s security teams took immediate action and cut off the threat’s access to their data. They also reviewed their security logs to ensure no other abuse of their data had occcurred. Dropbox has since began notifying all users affected, and will also be engaging with third party forensic experts to verify what they found and then report the incident to authorities.
As for now, Dropbox has apologised to their users and have stated that they’ll be speeding up the adoption of WebAuthn, a credential management API that can better authenticate the right users in an effort to reduce the future risk of being phished. They also state that any Dropbox users who notice suspicious behaviour on their Dropbox account should also report it to them here.
[ SOURCE ]