The file hosting platform Dropbox has revealed that they were recently the target of a phishing attack that saw hackers successfully steal some of the code that they stored on Github. However, they were also quick to state that no content, passwords or payment information were compromised, and that the issue they encountered was resolved quickly.
According to Dropbox, they were alerted by Github on 14 October that they noticed some suspicious behaviour happening. They then checked it out for themselves and saw that a threat actor that was also pretending to be CircleCI, another software company, had gained access to one of their Github accounts. This threat actor then managed to access some code and API keys used by Dropbox developers, along with some data that includes a few thousand names and email addresses of Dropbox employees, current and past users, sales leads and vendors.
“We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal,” – Dropbox
Once they realised that their Github accounts were compromised, Dropbox’s security teams took immediate action and cut off the threat’s access to their data. They also reviewed their security logs to ensure no other abuse of their data had occcurred. Dropbox has since began notifying all users affected, and will also be engaging with third party forensic experts to verify what they found and then report the incident to authorities.
As for now, Dropbox has apologised to their users and have stated that they’ll be speeding up the adoption of WebAuthn, a credential management API that can better authenticate the right users in an effort to reduce the future risk of being phished. They also state that any Dropbox users who notice suspicious behaviour on their Dropbox account should also report it to them here.
[ SOURCE ]
For those heading up north or towards Klang from Jalan Duta, there's now a high-powered…
JomCharge and DBKL continue to deploy more street-level EV chargers around TTDI and one of…
U Mobile has expanded its own 5G network coverage in Bangsar, bringing indoor connectivity to…
Revealed alongside the CKD version of the BMW i5 eDrive 40 M Sport Pro, the…
The sixth-generation Nissan Serena is gearing up for its Malaysian debut in March 2026, bringing…
The updated 2026 Tesla Model Y, featuring a larger screen and refreshed interior, is now…
This website uses cookies.