Dropbox

Dropbox experienced a security breach.

The threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.

The attackers breached the account on October 14.

The code accessed by this threat actor contained some credentials primarily, API keys used by Dropbox developers.

The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.

On the same phishing page, the employees were asked to enter their GitHub username and password & to use their hardware authentication key to pass a One Time Password (OTP).

They did not include code for their core apps or infrastructure.

The attackers never had access to customers' accounts, passwords, or payment information, and its core apps and infrastructure were not affected as a result of this breach.

Source: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/dropbox-discloses-breach-after-hacker-stole-130-github-repositories/amp/

"id": "DRO121021122",
"linkid": "dropbox",
"type": "Breach",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"