Dropbox phishing attack exposed some GitHub-stored code

Updated on 2022-11-06: Dropbox phishing attack exposed some GitHub-stored code

Cloud giant Dropbox confirmed a data breach this week affecting its development environment. Dropbox said in a post-mortem that no customer data, content, passwords or payment info was taken. While limited in nature and contained, the disclosure explains what went wrong and why. (Yes, even in this day and age that’s rare; credit where it’s due.) It seems similar in nature to LastPass’ breach earlier this year, and in terms of disclosure — detailed and transparent. Remember, it’s not that companies get breached. It’s how they handle the aftermath that matters… Uber, DoorDash, Mailchimp, Okta, Samsung — oh, there are just so many. Read more:

• How we handled a recent phishing incident that targeted Dropbox
• LastPass: Notice of Recent Security Incident

Updated on 2022-11-02: Dropbox: We Were Targeted in a Phishing Campaign

Dropbox has disclosed that it was the target of a phishing campaign in October after attackers managed to access Dropbox’s GitHub repositories. GitHub alerted Dropbox to suspicious activity. When Dropbox investigated, they learned that attackers had copied 130 code repositories. The incident is noteworthy because the attackers were able to bypass multi-factor authentication.

Note

• Looks like this was a phishing attack that took advantage of vulnerabilities in CircleCI’s (a widely used continuous integration platform) implementation of MFA. Like all security controls, if you implement them badly they don’t keep the bad guys out. Part of supply chain security is making sure vendors are showing evidence of having their software tested for vulnerabilities or open attack paths.
• The Drobpox blog provides not only an explanation of how, even with multiple layers of defense, the attackers were able to get access, as well as an assessment of their then MFA solution. As convenient as OTP/TOTP and SMS are for MFA, current attack techniques include processes for leveraging their shortfalls. Use the analysis to support your case to move to phishing resistant MFA.

Read more in

• How we handled a recent phishing incident that targeted Dropbox
• Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers
• Dropbox incident raises questions about how much security pros can depend on MFA
• Dropbox discloses breach after hacker stole 130 GitHub repositories

Updated on 2022-11-01

Dropbox confirmed suffering a phishing attack, leading to the intruder copying 130 of its private GitHub repositories and pilfering some confidential API credentials. Read more: Dropbox admits 130 of its private GitHub repos were copied after phishing attack

Overview: Dropbox phishing incident

File-sharing and file synchronization service Dropbox disclosed a minor security breach on Tuesday, revealing that a threat actor managed to compromise one of its employees through a phishing attack and gained access to one of its GitHub accounts. Dropbox said the intruder did not gain access to its core infrastructure where the files, personal data, and financial information of its users was being stored. However, Dropbox said the attackers did have access to repositories that stored API keys used by its developers and “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.” Read more: How we handled a recent phishing incident that targeted Dropbox