Skip to main content

Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more

posted onNovember 2, 2022
by l33tdawg
The Record
Credit: The Record

Online storage giant Dropbox announced this week that a phishing campaign targeting its developers was successful, allowing hackers to gain access to the company’s GitHub accounts.

In a statement on Tuesday, Dropbox said the hackers were able to copy 130 code repositories and gain access to credentials as well as information on Dropbox employees, current and past customers, sales leads, and vendors.

“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled,” Dropbox said. Dropbox said it has notified any users affected by the incident and explained that they were first alerted to the issue on October 14 when GitHub told them they were seeing “suspicious behavior that began the previous day.” Dropbox traced the issue back to CircleCI — a platform used by developers for a variety of purposes. Dropbox developers can use their GitHub credentials to login to CircleCI.

Source

Tags

Industry News Security

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th