Dropbox

Dropbox was a victim of a phishing campaign that was exploited to gain access to code stored on GitHub.

GitHub alerted Dropbox of suspicious behaviour whereby a third party impersonated CircleCI (a continuous integration and delivery platform) and gained access to its account.

The attacker gained access to 130 code repositories, including thousands of names and email addresses of Dropbox employees, as well as current and former customers, sales leads and suppliers.

Additionally, the attacker also gained access to copies of modified third-party libraries, internal prototypes, and some tools and configuration files used by the security team.

Source: https://www.incibe-cert.es/en/early-warning/cybersecurity-highlights/unauthorised-access-dropbox-data-github

"id": "DRO2222171122",
"linkid": "dropbox",
"type": "Cyber Attack",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"