Phishermen Reel In Dropbox’s Private Github Repos
Dropbox, the cloud storage provider, has announced that it was the target of a successful phishing attack in which the attacker gained access to private GitHub repositories. GitHub was able to notify Dropbox quickly, and the company says no customer content or passwords were affected.
The intrusion happened on October 13, and Dropbox realised the next day that something was wrong. The attacker impersonated CircleCI, the continuous integration and delivery platform, which lets users log in with their GitHub credentials, and sent convincing phishing emails to Dropbox staff. Dropbox’s internal systems blocked many of the messages, but some got through, and at least one employee visited the fake CircleCI login page, entered their GitHub username and password, and then used their hardware authentication key to pass a one-time password (OTP) to the malicious site. That is the weak point of an OTP second factor, hardware-generated or not: the code is just a short string the user hands over, so a lookalike page that captures it can replay it to the real site within the code’s validity window.
This allowed the attacker to get into Dropbox’s private GitHub organisation and copy 130 code repositories from it. According to Dropbox’s statement, the data accessed “also included thousands of names and email addresses belonging to Dropbox employees, current and former customers, sales leads, and vendors. These repositories contained our own copies of third-party libraries that were slightly modified for use with Dropbox, internal prototypes, and some tools and configuration files used by our security team. Importantly, they contained no core app or infrastructure code; access to those repositories is even more restricted and tightly controlled.”
Back in September, GitHub had warned users in a blog post about a phishing campaign impersonating CircleCI. It noted that an attacker who obtains a user’s GitHub credentials can create personal access tokens, authorise OAuth applications or add SSH keys to the account so that the attacker “retains access even if the user changes their password”. Resetting the password alone is therefore not enough after such an incident; those tokens, app grants and keys have to be reviewed and revoked as well.
Dropbox believes the risk to its customers is minimal, since it was able to cut off the attacker’s access the same day it discovered the intrusion. The company is also moving its multi-factor authentication to WebAuthn, a change that was already under way when the attack occurred. Unlike an OTP, a WebAuthn credential is bound to the site’s origin: the browser refuses to use it from a lookalike domain, and the signed response names the origin where it was produced, so a fake login page cannot obtain a response the real site would accept.
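The two mechanisms described above, the relayable OTP that let the attacker in and the origin-bound WebAuthn assertion Dropbox is moving to, side by side as an added model. This is illustration written for this article, not code from Dropbox, GitHub or CircleCI: the origins, rpId, user name and secrets are constructed, and an HMAC shared between the key and the relying party stands in for the authenticator’s asymmetric signature so that the example runs with the standard library alone. The TOTP routine follows RFC 6238.

```python
"""Why a relayed OTP got the Dropbox attacker in while a WebAuthn assertion would not.
Added model for this article, not code from Dropbox, GitHub or CircleCI. Origins, rpId,
user and secrets are constructed; an HMAC stands in for the authenticator's signature."""
import hashlib, hmac, json, secrets, struct
from urllib.parse import urlparse

REAL_ORIGIN = "https://ci.example"         # constructed stand-in for the genuine CircleCI login
PHISH_ORIGIN = "https://ci-login.example"  # constructed stand-in for the lookalike page
RP_ID = "ci.example"                       # WebAuthn relying-party ID of the genuine site

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: the code an OTP app or hardware key shows the user."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

class OtpService:
    """Password + OTP login. The OTP is text the user can read, so a phisher can read it too."""
    def __init__(self, password, otp_secret):
        self.password, self.otp_secret = password, otp_secret
    def login(self, password, code, now):
        return password == self.password and hmac.compare_digest(code, totp(self.otp_secret, now))

def relay_otp_phish(service, password, otp_secret, now):
    """Victim types password and current OTP into the fake page; attacker forwards both in-window."""
    typed = totp(otp_secret, now)               # what the victim's key or app displayed
    return service.login(password, typed, now)  # the genuine site cannot tell it was relayed

class Authenticator:
    """Models a hardware key: every credential is scoped to one rpId."""
    def __init__(self):
        self.creds = {}  # cred_id -> (rp_id, key); key also plays the public key given to the RP

    def register(self, rp_id):
        cred_id, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.creds[cred_id] = (rp_id, key)
        return cred_id, key

    def get_assertion(self, rp_id, client_data):
        for cred_id, (scoped_rp, key) in self.creds.items():
            if scoped_rp == rp_id:
                auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash || flags (UP)
                sig = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
                return cred_id, auth_data, sig
        raise LookupError("the key holds no credential for this rpId")

def browser_get(auth, page_origin, rp_id, challenge):
    """The browser, not the page, writes the origin into clientDataJSON and enforces rpId."""
    host = urlparse(page_origin).hostname or ""
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise PermissionError("rpId is not a registrable suffix of the page origin")  # SecurityError in browsers
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge.hex(), "origin": page_origin}).encode()
    cred_id, auth_data, sig = auth.get_assertion(rp_id, client_data)
    return cred_id, client_data, auth_data, sig

class WebAuthnService:
    """Relying party: checks credential, challenge, origin and rpIdHash before the signature."""
    def __init__(self):
        self.creds, self.pending = {}, {}

    def enroll(self, user, cred_id, key):
        self.creds[user] = (cred_id, key)

    def begin_login(self, user):
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def finish_login(self, user, cred_id, client_data, auth_data, sig):
        expected_cred, key = self.creds[user]
        cd = json.loads(client_data)
        challenge = self.pending.pop(user, b"")  # single use, so a captured assertion cannot be replayed
        if cred_id != expected_cred or cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge.hex():
            return False
        if cd.get("origin") != REAL_ORIGIN or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
            return False  # minted on another page (phishing) or for another relying party
        expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        return hmac.compare_digest(sig, expected)

def run_demo(now=1665619200):
    """Runs the scenarios against a constructed victim and returns each outcome."""
    otp_secret = secrets.token_bytes(20)
    otp_site, key, rp = OtpService("hunter2", otp_secret), Authenticator(), WebAuthnService()
    rp.enroll("victim", *key.register(RP_ID))
    out = {"otp_relay_accepted": relay_otp_phish(otp_site, "hunter2", otp_secret, now)}
    out["webauthn_genuine"] = rp.finish_login("victim", *browser_get(key, REAL_ORIGIN, RP_ID, rp.begin_login("victim")))
    relayed = rp.begin_login("victim")  # attacker starts a login as the victim and relays the challenge
    try:
        browser_get(key, PHISH_ORIGIN, RP_ID, relayed)  # the lookalike page asks for the genuine rpId
        out["webauthn_phish"] = "assertion issued"
    except PermissionError:
        out["webauthn_phish"] = "browser refused rpId"
    # Even if that browser check were bypassed, clientDataJSON still names the lookalike origin.
    forged = json.dumps({"type": "webauthn.get", "challenge": relayed.hex(), "origin": PHISH_ORIGIN}).encode()
    cid, ad, sg = key.get_assertion(RP_ID, forged)
    out["webauthn_wrong_origin_accepted"] = rp.finish_login("victim", cid, forged, ad, sg)
    return out
```

Calling `run_demo()` shows the relayed OTP accepted by the genuine service, the genuine WebAuthn login accepted, the lookalike page refused by the browser because its host is not a registrable suffix of the rpId, and, even with that browser check taken out of the picture, the relying party rejecting the assertion because clientDataJSON names the phishing origin. The same structure is what makes a password reset insufficient in the OTP world and unnecessary for the assertion in the WebAuthn world: nothing the victim typed on the fake page is reusable against the real origin.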