
Dropbox left wide open by phishing attack

Dropbox, the file hosting service operated by the American company Dropbox, Inc., revealed that threat actors used a phishing attack to gain access to 130 of its GitHub repositories.


On October 13, 2022, crooks impersonated the continuous integration and delivery platform CircleCI to gain access to one of Dropbox's GitHub accounts. Dropbox uses GitHub to host public and private repositories. GitHub had already warned its users about phishing emails impersonating CircleCI about two months earlier.


In phishing emails sent to multiple Dropbox employees, the threat actors posed as CircleCI and directed recipients to a fake CircleCI login page, where they were asked to enter their GitHub credentials and then submit a one-time password to the site.


“While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes,” Dropbox’s team explains.


As a result, the attackers gained access to one of Dropbox's GitHub organisations and copied 130 of its code repositories. These repositories contained modified copies of third-party libraries, internal prototypes, and some security tools and configuration files.



According to the security team's press release, the incident had no impact on Dropbox's core infrastructure, content, passwords, or payment information.


“We believe the risk to customers is minimal,” Dropbox’s team says.


The cybercriminals did, however, gain access to certain credentials, primarily API keys used by Dropbox developers. The copied code also contained several thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.


Following the attack, Dropbox's team hired outside forensic experts to verify the accuracy of its findings and analysis.



Reporting

Report all fraud and cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (which spells SPAM on the keypad).

 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
