Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more
Online storage giant Dropbox announced this week that a phishing campaign targeting its developers was successful, allowing hackers to gain access to the company’s GitHub accounts.
In a statement on Tuesday, Dropbox said the hackers were able to copy 130 code repositories and gain access to credentials as well as information on Dropbox employees, current and past customers, sales leads, and vendors.
“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled,” Dropbox said. Dropbox said it has notified any users affected by the incident and explained that they were first alerted to the issue on October 14 when GitHub told them they were seeing “suspicious behavior that began the previous day.” Dropbox traced the issue back to CircleCI — a platform used by developers for a variety of purposes. Dropbox developers can use their GitHub credentials to login to CircleCI.