Gaming PC

Phishermen Reel In Dropbox’s Private Github Repos

Dropbox, a cloud storage provider, Announced (opens in new tab) You have been the target of a successful phishing attack that accessed a private GitHub repository. GitHub was able to quickly notify his Dropbox of the attack, and no customer data or passwords were affected.

(Image credit: Dropbox.com)

The data breach happened on October 13th, and Dropbox realized the next day that something was wrong. The attacker spoofed the CircleCI integration and delivery platform, which allows login using GitHub credentials, and with a lifelike phishing email, he attacked Dropbox staff. Many of them were blocked by Dropbox’s internal systems, but some passed. At least he appears to have one employee visit her fake CircleCI login page, enter her GitHub credentials, and use a hardware authentication key to get her through a one-time authentication. Passwords to malicious sites.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button