Dropbox Hacked - Phishers Access Internal Resources
Phishers have broken into the infrastructure of cloud storage provider Dropbox and accessed internal GitHub code repositories, Dropbox has revealed in a notice.
In September, GitHub shared with its clients that an unknown threat actor was impersonating code integration and delivery platform CircleCI. Dropbox employees use their GitHub credentials to also log into and work in the CircleCI environment.
On Oct. 14, Dropbox learned it was targeted with a similar - if not the same - phishing lure, prompting GitHub to alert the cloud storage outfit of the mischief. Apparently, that notice arrived too late.
“Upon further investigation, we found that a threat actor—also pretending to be CircleCI—accessed one of our GitHub accounts, too,” Dropbox disclosed.
‘A few thousand’ potentially compromised
The code the hacker(s) accessed contained credentials used by Dropbox developers, as well as “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.”
The company clarifies it has more than 700 million users on record, seemingly to downplay the event. But that doesn’t mean ‘thousands’ can suddenly be considered a small figure - especially if those people actually end up compromised by the hack.
Customer Dropbox contents safe
It also clarifies that, “at no point did this threat actor have access to the contents of anyone’s Dropbox account, their password, or their payment information” - at least to the company’s knowledge at this stage of the investigation.
“We take our commitment to protecting the privacy of our customers, partners, and employees seriously, and while we believe any risk to them is minimal, we have notified those affected,” Dropbox says.
Dropbox to harden security defenses
Dropbox revoked the threat actor’s access to GitHub on the day it learned of the suspicious activity. Its security teams quickly started to rotate all exposed developer credentials and began an investigation to determine what customer data—if any—was accessed or stolen. After reviewing its logs, Dropbox found no evidence of successful abuse.
The company has hired outside forensic experts to verify its findings and is now hardening its defenses by accelerating adoption of WebAuthn.
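To show why the WebAuthn adoption mentioned above counters a credential-phishing lure such as the CircleCI impersonation, here is an added Python example (not Dropbox's or GitHub's code) of the relying-party checks run on a constructed authentication assertion; the RP ID, origins and challenge are made-up values, and the signature check is left out to keep the focus on origin binding.

```python
import base64
import hashlib
import json
import os

# Constructed values for this example; nothing here comes from the incident.
RP_ID = "login.example"                      # relying party identifier
ALLOWED_ORIGINS = {"https://login.example"}  # origins the RP really serves

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_assertion(issued_challenge: bytes, client_data_json: bytes,
                     authenticator_data: bytes) -> tuple:
    """RP-side 'webauthn.get' checks; a real RP then verifies the signature
    over authenticatorData || SHA-256(clientDataJSON)."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    # The challenge ties the assertion to this login attempt (no replay).
    if b64url_decode(client_data.get("challenge", "")) != issued_challenge:
        return False, "challenge mismatch"
    # The browser records the origin the user actually visited; a phished
    # user cannot alter it, so a look-alike site is rejected here.
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {client_data.get('origin')!r} not allowed"
    # The first 32 bytes of authenticatorData are SHA-256 of the RP ID.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"

def make_assertion(challenge: bytes, origin: str, rp_id: str):
    # Constructed stand-in for what a browser and authenticator return.
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags_and_counter = b"\x01" + (1).to_bytes(4, "big")  # UP flag, count 1
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags_and_counter
    return client_data, auth_data

if __name__ == "__main__":
    challenge = os.urandom(32)
    good = make_assertion(challenge, "https://login.example", RP_ID)
    spoof = make_assertion(challenge, "https://login-example.test", RP_ID)
    print(verify_assertion(challenge, *good))   # (True, 'ok')
    print(verify_assertion(challenge, *spoof))  # origin not allowed
```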
Finally, Dropbox has reported the event to regulators and law enforcement.
Users who notice suspicious behavior on their account are instructed to report the activity at dropbox.com/report_abuse.
Bitdefender Digital Identity Protection offers continuous monitoring of your online accounts and fires out an instant alert when your personal information is at risk, complete with instructions on how to address the issue.