Dropbox experienced a security breach.
The threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.
The attackers breached the account on October 14.
The code accessed by this threat actor contained some credentials, primarily API keys used by Dropbox developers.
The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.
On the same phishing page, the employees were asked to enter their GitHub username and password and then to use their hardware authentication key to pass a One Time Password (OTP).
The stolen repositories did not include code for Dropbox's core apps or infrastructure.
The attackers never had access to customers' accounts, passwords, or payment information, and Dropbox's core apps and infrastructure were not affected as a result of this breach.
TPRM report: https://scoringcyber.rankiteo.com/company/dropbox
"id": "dro121021122",
"linkid": "dropbox",
"type": "Breach",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cloud Storage',
                        'name': 'Dropbox',
                        'type': 'Organization'}],
 'attack_vector': 'Phishing, Credential Theft',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 'A few thousand',
                 'personally_identifiable_information': ['Names',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['API keys',
                                              'Employee names and email '
                                              'addresses',
                                              'Customer names and email '
                                              'addresses',
                                              'Sales leads',
                                              'Vendor information']},
 'date_detected': '2023-10-14',
 'description': 'Dropbox experienced a security breach where threat actors '
                'stole 130 code repositories after gaining access to one of '
                'its GitHub accounts using employee credentials stolen in a '
                'phishing attack.',
 'impact': {'data_compromised': ['API keys',
                                 'Employee names and email addresses',
                                 'Customer names and email addresses',
                                 'Sales leads',
                                 'Vendor information'],
            'systems_affected': ['GitHub account']},
 'initial_access_broker': {'entry_point': 'GitHub account'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'Phishing attack leading to '
                                           'credential theft'},
 'title': 'Dropbox Security Breach',
 'type': 'Data Breach, Phishing',
 'vulnerability_exploited': 'Employee credentials'}