Dropbox

Dropbox was a victim of a phishing campaign that was exploited to gain access to code stored on GitHub.

GitHub alerted Dropbox of suspicious behaviour whereby a third party impersonated CircleCI (a continuous integration and delivery platform) and gained access to its account.

The attacker gained access to 130 code repositories, including thousands of names and email addresses of Dropbox employees, as well as current and former customers, sales leads and suppliers.

Additionally, the attacker also gained access to copies of modified third-party libraries, internal prototypes, and some tools and configuration files used by the security team.

Source: https://www.incibe-cert.es/en/early-warning/cybersecurity-highlights/unauthorised-access-dropbox-data-github

TPRM report: https://scoringcyber.rankiteo.com/company/dropbox

"id": "dro2222171122",
"linkid": "dropbox",
"type": "Cyber Attack",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Technology',
                        'name': 'Dropbox',
                        'type': 'Company'}],
 'attack_vector': 'Phishing, Impersonation',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Email addresses'],
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Proprietary Code',
                                              'Internal Tools and '
                                              'Configuration Files']},
 'description': 'Dropbox was a victim of a phishing campaign that was '
                'exploited to gain access to code stored on GitHub. GitHub '
                'alerted Dropbox of suspicious behaviour whereby a third party '
                'impersonated CircleCI (a continuous integration and delivery '
                'platform) and gained access to its account. The attacker '
                'gained access to 130 code repositories, including thousands '
                'of names and email addresses of Dropbox employees, as well as '
                'current and former customers, sales leads and suppliers. '
                'Additionally, the attacker also gained access to copies of '
                'modified third-party libraries, internal prototypes, and some '
                'tools and configuration files used by the security team.',
 'impact': {'data_compromised': ['Names and email addresses of Dropbox '
                                 'employees',
                                 'Names and email addresses of current and '
                                 'former customers',
                                 'Sales leads',
                                 'Suppliers',
                                 'Modified third-party libraries',
                                 'Internal prototypes',
                                 'Tools and configuration files used by the '
                                 'security team'],
            'systems_affected': ['GitHub account', '130 code repositories']},
 'initial_access_broker': {'entry_point': 'Phishing Email',
                           'high_value_targets': ['Code Repositories',
                                                  'Internal Prototypes',
                                                  'Security Tools and '
                                                  'Configuration Files']},
 'title': 'Dropbox Phishing Campaign and Code Repository Breach',
 'type': 'Phishing, Unauthorized Access',
 'vulnerability_exploited': 'Social Engineering'}