Dropbox is a file hosting service operated by the American company Dropbox, Inc., that offers cloud storage, file synchronization, personal cloud, and client software. On November 1, 2022, Dropbox confirmed that it had experienced a data breach: an unknown attacker gained access to credentials, data, and other secrets stored in its private GitHub code repositories.
On October 14, 2022, GitHub alerted Dropbox to some suspicious behavior that began the previous day. Upon further investigation, Dropbox found that a threat actor pretending to be CircleCI accessed one of Dropbox’s GitHub accounts.
How did the Dropbox Data Breach Happen?
- The attacker sent out a mass phishing email impersonating CircleCI, a major CI/CD platform that Dropbox uses internally.
- The phishing email sent the victim to a bogus CircleCI login page, where they submitted their GitHub credentials (CircleCI allowed users to log in with their GitHub credentials).
- Users were also asked to provide a One-Time Password (OTP) generated by their hardware authentication key.
- The attacker then used the credentials and OTP supplied by the victim to gain access to the victim’s GitHub account.
- The attacker copied more than 130 internal repositories, which contained both public and confidential source code.
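As an added illustration that is not part of the original post, the toy model below shows why a one-time code typed into a look-alike login page still validates at the real site, whereas an origin-bound assertion of the WebAuthn/FIDO2 kind is rejected there. The shared HMAC key, the two origins and the counter are constructed stand-ins for a real authenticator signature.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # constructed stand-in for the authenticator's key

# Factor A: a plain one-time code, as in the incident described above. It proves
# possession of the key but carries no information about which site received it.
def otp_code(counter: int) -> str:
    return hmac.new(SECRET, str(counter).encode(), hashlib.sha256).hexdigest()[:6]

def server_checks_otp(code: str, counter: int) -> bool:
    return hmac.compare_digest(code, otp_code(counter))

# Factor B: an origin-bound assertion (simplified WebAuthn/FIDO2). The authenticator
# signs the server challenge together with the origin the browser is actually on,
# and the real server accepts only its own origin.
REAL_ORIGIN = "https://github.example"          # assumed legitimate site
FAKE_ORIGIN = "https://circleci-login.example"  # assumed look-alike page

def authenticator_assert(challenge: bytes, browser_origin: str) -> dict:
    sig = hmac.new(SECRET, challenge + browser_origin.encode(), hashlib.sha256).hexdigest()
    return {"origin": browser_origin, "sig": sig}

def server_checks_assertion(assertion: dict, challenge: bytes) -> bool:
    if assertion["origin"] != REAL_ORIGIN:
        return False  # origin mismatch: assertion was produced for another site
    expected = hmac.new(SECRET, challenge + REAL_ORIGIN.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(assertion["sig"], expected)

def relayed_otp_is_accepted() -> bool:
    """The code entered on the fake page is forwarded unchanged to the real server."""
    counter = 42
    captured = otp_code(counter)                 # what the victim typed into the fake page
    return server_checks_otp(captured, counter)  # True: the real server cannot tell

def relayed_assertion_is_accepted() -> bool:
    """The fake page forwards the real challenge, but the browser signs over the fake origin."""
    challenge = secrets.token_bytes(32)          # issued by the real server
    captured = authenticator_assert(challenge, FAKE_ORIGIN)
    return server_checks_assertion(captured, challenge)  # False: origin is bound in

def legitimate_assertion_is_accepted() -> bool:
    challenge = secrets.token_bytes(32)
    return server_checks_assertion(authenticator_assert(challenge, REAL_ORIGIN), challenge)
```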
Effects of the Data Breach:
- The threat actor had access to the contents of anyone’s Dropbox account, their password, or their payment information.
- The code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers. The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users).
Paradigm IT Cyber provides phishing simulation exercises that help employees recognize, avoid, and report potential threats that could compromise critical business data and systems, and that raise awareness of such attacks.
For further clarifications or support, please write to contact@paradigmitcyber.com