Type
Incident
Actors
Pub. date
November 1, 2022
Initial access
End-user compromise
Impact
Data exfiltration
Observed techniques
Targeted technologies
Status
Finalized
Last edited
Nov 10, 2024 3:40 PM
Dropbox disclosed a security breach where attackers stole 130 code repositories from one of its GitHub accounts by using credentials obtained from phishing Dropbox employees. The breach was discovered on October 14, following a GitHub alert. Attackers impersonated CircleCI in phishing emails, leading employees to enter their GitHub credentials and use hardware authentication keys for one-time passwords (OTPs).
The compromised repositories contained some API keys, internal tools, and configuration files but excluded core apps, infrastructure, and customer data. No customer accounts, passwords, or payment information were exposed.