Dropbox security incident: hackers accessed 130 GitHub source code repositories
The well-known cloud storage provider Dropbox recently had a major security incident. Its employees received phishing emails, fake notifications purporting to be from the CI/CD platform, that were designed to steal GitHub credentials. They nevertheless clicked through and successfully logged in with their own hardware security keys.
Fortunately, the 130 code repositories stolen this time are only slightly modified versions of third-party libraries, so they contain no private information and no internal sensitive data was leaked. Customers' accounts and passwords are safe.
“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team,” the company revealed in an advisory.
A subsequent investigation found that on October 14, GitHub sent a security alert to Dropbox administrators saying that some employee accounts showed suspicious behavior, after which Dropbox began an investigation.