Dropbox has announced a security breach in which attackers stole 130 code repositories from Dropbox's GitHub account. The attackers gained access to these GitHub repositories after obtaining employee credentials through a phishing attack.
According to Bleeping Computer, Dropbox discovered the breach on October 14th after GitHub informed the company of suspicious activity that had started the day before the alert. “To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers,” Dropbox revealed on Tuesday.
Matt Polak of Picnic Corporation and Abhay Bhargav of AppSecEngineer have weighed in on the Dropbox security breach with these comments:
- Matt Polak – CEO and Founder at Picnic Corporation: “A sophisticated social engineering attack like this is capable of compromising even the most well-trained employees. To reduce their risk of these kinds of attacks, organizations need to be able to do two things. Firstly, they need the capability to monitor and reduce their company and employee OSINT exposure since attackers need this data to craft their attacks. Secondly, companies need to be able to identify and block attacker infrastructure and accounts that impersonate them or a trusted third party before these can be leveraged against their people.”
- Abhay Bhargav – CEO and Founder at AppSecEngineer: “Attackers today seem to be moving towards compromising “ecosystems.” They want to be able to compromise apps that have massive user bases (like Dropbox), and the way they are doing that is by attempting to compromise the people in power, the developers. This campaign is a targeted phishing campaign that is directed toward Dropbox’s developers or DevOps team members. The attackers have set up phishing sites masquerading as a popular Continuous Integration and code build product, CircleCI. The attackers have hosted an app that phishes developers and steals their GitHub credentials. GitHub is what Dropbox (amongst millions of others) uses for storing and managing source code. In this case, the attackers seem to have compromised an employee’s access to GitHub. Subsequently, they have used this access to steal the developer’s API token that could be used to access some metadata around Dropbox’s employees, customers, and vendors. This is an interesting evolution of phishing which is oriented toward more technical users. This eliminates the myth that only non-tech users fall for phishing attacks. Attackers have scaled up their techniques to go after developers and technologists to perpetrate “ecosystem” attacks.”
“The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users).”
“The successful breach resulted from a phishing attack that targeted multiple Dropbox employees using emails impersonating the CircleCI continuous integration and delivery platform and redirecting them to a phishing landing page where they were asked to enter their GitHub username and password.”
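As an added example that is not part of the original report or of Dropbox's or CircleCI's tooling, here is a defender-side mail check for the pattern described above: a message that invokes the CircleCI brand while its sender domain or embedded links do not belong to circleci.com. The two messages and every domain in them are constructed for illustration.

```python
import email.utils
import re
from email import message_from_string
from urllib.parse import urlparse

# Brand the campaign impersonated (per the report) and the domain it legitimately uses.
BRAND = "circleci"
LEGIT_DOMAINS = {"circleci.com"}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")

def is_legit_host(host):
    """True only for the brand's domain or one of its subdomains (no 'circleci.com.example')."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def sender_domain(msg):
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def analyze(raw_message):
    """Return a list of findings; empty means no brand/domain mismatch was seen."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    header_text = msg.get("From", "") + " " + msg.get("Subject", "")
    mentions_brand = BRAND in (header_text + " " + body).lower()
    findings = []
    if not mentions_brand:
        return findings
    from_dom = sender_domain(msg)
    if from_dom and not is_legit_host(from_dom):
        findings.append(f"brand referenced but sender domain is {from_dom}")
    for url in URL_RE.findall(body):
        if not is_legit_host(urlparse(url).hostname):
            findings.append(f"brand referenced but link leaves the brand's domain: {url}")
    return findings

# Constructed sample: lookalike sender plus a credential-harvesting link (domain is a placeholder).
PHISH = """From: CircleCI Builds <alerts@circleci-login.example>
To: dev@example.net
Subject: [CircleCI] Your GitHub integration requires re-authorization

Your CircleCI build access has expired. Sign in with GitHub here:
https://circleci-login.example/github/auth
"""

# Constructed sample: benign notification from the genuine domain.
LEGIT = """From: CircleCI <noreply@circleci.com>
To: dev@example.net
Subject: Build #42 succeeded

See https://app.circleci.com/pipelines/example
"""
```

Running `analyze(PHISH)` reports both the off-brand sender domain and the off-brand link, while `analyze(LEGIT)` returns an empty list.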
What do you think of this security breach? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network. Be sure to subscribe to our RUMBLE channel as well!