
Dropbox suffers a security breach: code stolen from 130 of its GitHub repositories

Dropbox has confirmed that it suffered a security breach a few days ago and that, through a phishing attack, an unauthorized third party was able to steal company code after stealing an employee's credentials to GitHub repositories. According to the post in which the company acknowledges the incident, it took place in the middle of last October. Dropbox found out what had happened when GitHub notified it on October 14 that there was suspicious activity on an account.

As indicated by the company, the code that the attacker accessed "contained some credentials, mostly API keys, which are used by Dropbox developers". But it insists that the attacker "did not access any customer content, passwords or payment information". In addition, it has indicated that its main apps, as well as its infrastructure, have not been affected.

Apparently, the suspicious behavior that GitHub alerted Dropbox to began the day before, on October 13. A third party, pretending to be someone authorized to use the CircleCI account, accessed one of the GitHub accounts and accessed various data. The code and data accessed by the attacker included a few thousand names and email addresses of Dropbox employees, as well as of current and former customers, sales leads and suppliers.

Dropbox says that it takes seriously its commitment to protect the privacy of customers, partners and employees, and that although it believes that any problem they may suffer is minimal, it has notified those affected of the incident. The company uses GitHub to store public and private repositories, and has noted that it uses CircleCI for "some specific internal deployments". As we have mentioned, the attack occurred through an account that pretended to be a CircleCI representative, whose access credentials were obtained by the attacker through Dropbox employees.

In total, the attacker gained access to 130 code repositories before access was cut off. Among them are repositories that include Dropbox's copies of third-party libraries slightly modified by the company for its own use, internal prototypes, and some tools and configuration files used by the security team. It is important to emphasize that they do not include code from the main Dropbox applications or from its infrastructure, since access to the repositories in which that code is located is even more limited and is very strictly controlled.

The company notes that it is using the services of a third party to conduct additional investigations into the incident, and to ensure that no customer data is included. It is also accelerating the adoption of WebAuthn, a solution that it defines as "the gold standard" of multi-factor authentication tools.
