The file hosting platform Dropbox has revealed that they were recently the target of a phishing attack that saw hackers successfully steal some of the code that they stored on Github. However, they were also quick to state that no content, passwords or payment information were compromised, and that the issue they encountered was resolved quickly.
According to Dropbox, they were alerted by Github on 14 October that they noticed some suspicious behaviour happening. They then checked it out for themselves and saw that a threat actor that was also pretending to be CircleCI, another software company, had gained access to one of their Github accounts. This threat actor then managed to access some code and API keys used by Dropbox developers, along with some data that includes a few thousand names and email addresses of Dropbox employees, current and past users, sales leads and vendors.
“We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal,” – Dropbox
Once they realised that their Github accounts were compromised, Dropbox’s security teams took immediate action and cut off the threat’s access to their data. They also reviewed their security logs to ensure no other abuse of their data had occcurred. Dropbox has since began notifying all users affected, and will also be engaging with third party forensic experts to verify what they found and then report the incident to authorities.
As for now, Dropbox has apologised to their users and have stated that they’ll be speeding up the adoption of WebAuthn, a credential management API that can better authenticate the right users in an effort to reduce the future risk of being phished. They also state that any Dropbox users who notice suspicious behaviour on their Dropbox account should also report it to them here.
[ SOURCE ]
The Malaysian Communications and Multimedia Commission (MCMC) has urged iPhone users to update their devices…
Ahead of the Raya holiday weekend, Tesla Malaysia has just turned on a new SuperCharger…
This post is brought to you by OMOWAY. The production of OMO X, the world’s…
BMW has unveiled the new BMW i3, its first fully electric 3 Series for the…
This post is brought to you by AEON Bank. AEON Bank has introduced several exciting…
The Poco X8 Pro and X8 Pro Max have officially launched and they are now…
This website uses cookies.