Dropbox Admits 130 of its GitHub Repos Compromised – Are You Safe?
Dropbox says it was phished – simple as that. As a result, the attacker gained access to 130 of its GitHub code repositories and downloaded their contents.
Dropbox has been very transparent about this, but it is both embarrassing and damaging to the company. The attackers socially engineered an employee into entering a GitHub username, password and one-time MFA code into a phishing page that impersonated CircleCI. This shows a lack of user training.
GitHub detected the suspicious activity and informed Dropbox. This is not good either. Dropbox should be telling GitHub, not the other way around. In fairness, in my opinion, very few cloud vendors do a good job of integrating with their customers' log management and alerting software (SIEM), so maybe Dropbox did not have the data. On the other hand, they are probably large enough to get GitHub to give them the data.
Dropbox uses CircleCI for continuous integration, and GitHub had already warned its customers in September 2022 about phishing emails impersonating CircleCI, which is exactly the lure used here.
Dropbox was using a hardware MFA token, but a token that displays a one-time code does not help if the user is socially engineered, which is what happened here. The employee typed the current code into the fake CircleCI login page, and the attacker used it against the real GitHub login before it expired. Only origin-bound MFA such as WebAuthn/FIDO2 security keys resists this, because the browser signs the real site's origin into the assertion and a look-alike domain cannot produce a valid one; Dropbox said afterwards that it is accelerating its move to WebAuthn.
Dropbox says no customer content, passwords or payment information was affected and no core application code was taken. The repositories did, however, contain copies of third-party libraries, internal prototypes, some security-team tooling and configuration files, API keys used by Dropbox developers, and a few thousand names and email addresses belonging to employees, current and past customers, sales leads and vendors.
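The following is an added example, not code from the original post or from Dropbox or GitHub. It shows in miniature why the attack worked: a one-time code from a hardware token can be relayed by a phishing site within its validity window and is accepted, whereas an origin-bound assertion signed over the page's real origin is rejected by the relying party. The origins, secrets and timestamps are constructed for the illustration, and an HMAC stands in for the ECDSA signature a real FIDO authenticator would produce.

```python
import hashlib
import hmac
import json
import struct

# ---- Part 1: code-based MFA (RFC 6238 TOTP, what a code-displaying hardware token does) ----

def totp(secret: bytes, t: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, then dynamic truncation."""
    counter = int(t // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def real_site_otp_login(secret: bytes, password_ok: bool, code: str, now: float) -> bool:
    """The real service only checks that the password is right and the code matches the current window.
    It has no way to tell who typed the code or which page it was typed into."""
    return password_ok and hmac.compare_digest(code, totp(secret, now))


def phish_relay_otp(secret: bytes, now: float) -> bool:
    """Constructed scenario: the victim types password + current code into the fake 'CircleCI' page;
    the attacker relays both to the real site a few seconds later, still inside the 30 s window."""
    code_typed_by_victim = totp(secret, now)
    return real_site_otp_login(secret, True, code_typed_by_victim, now + 5)


# ---- Part 2: origin-bound MFA (FIDO-style assertion; HMAC stands in for the ECDSA signature) ----

REAL_ORIGIN = "https://github.com"        # assumed relying-party origin for the illustration
PHISH_ORIGIN = "https://circleci-login.example"  # constructed look-alike origin, not a real indicator


def authenticator_sign(key: bytes, challenge: bytes, origin: str) -> dict:
    """The browser tells the authenticator the origin of the page that asked for the assertion;
    the authenticator signs challenge + origin together. The user cannot change the origin."""
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin}, sort_keys=True).encode()
    sig = hmac.new(key, client_data, hashlib.sha256).digest()
    return {"client_data": client_data, "sig": sig}


def relying_party_verify(key: bytes, challenge: bytes, assertion: dict, expected_origin: str) -> bool:
    """The real service rejects any assertion whose signed origin is not its own."""
    data = json.loads(assertion["client_data"])
    if data["origin"] != expected_origin or data["challenge"] != challenge.hex():
        return False
    expected_sig = hmac.new(key, assertion["client_data"], hashlib.sha256).digest()
    return hmac.compare_digest(assertion["sig"], expected_sig)


def legit_fido_login(key: bytes) -> bool:
    challenge = b"\x01\x02\x03\x04"  # constructed server challenge
    assertion = authenticator_sign(key, challenge, REAL_ORIGIN)
    return relying_party_verify(key, challenge, assertion, REAL_ORIGIN)


def phish_relay_fido(key: bytes) -> bool:
    """Same relay attack: the attacker fetches a real challenge and forwards it to the victim,
    but the victim's browser signs the phishing page's origin, so the real site refuses it."""
    challenge = b"\x01\x02\x03\x04"
    assertion = authenticator_sign(key, challenge, PHISH_ORIGIN)
    return relying_party_verify(key, challenge, assertion, REAL_ORIGIN)


if __name__ == "__main__":
    now = 1_000_000_000  # fixed timestamp so the relay lands inside one 30 s window
    print("OTP relayed by phishing page accepted:", phish_relay_otp(b"token-seed", now))
    print("FIDO assertion from phishing origin accepted:", phish_relay_fido(b"credential-key"))
    print("FIDO assertion from real origin accepted:", legit_fido_login(b"credential-key"))
```

The TOTP routine is checked against the RFC 6238 test vector (secret `12345678901234567890`, T=59, 8 digits gives `94287082`), so the "accepted" result for the relayed code is not an artefact of a broken generator. The point for a defender is that the user-facing ceremony looks identical in both cases; the difference is entirely in what the authenticator signs.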
This just points out that social engineering works, even against staff with hardware tokens. Are you prepared? This type of attack happens a lot and is relatively easy to execute.
If you need help, please contact us.
Credit: The Register