File hosting service, Dropbox reveals on Tuesday that it was the victim of a phishing campaign. The security breach allowed the unidentified threat actor to acquire unauthorized access to one of its GitHub accounts, compromising 130 of its source code repositories.
“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team,” Dropbox published in an advisory.
Dropbox discovered the breach on October 14, after GitHub reported the company of suspicious activities that began a day before the alert was sent.
Upon further investigation of the security breach, it was disclosed that the source code accessed by the threat actors, contained the development team’s credentials, primarily API keys used by the team.
“The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users).” the company added in the published advisory.
The cyberattack was introduced more than a month after both G
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: