As news breaks of Dropbox apparently falling victim to hackers in October, here’s what actually happened.
The hugely popular Dropbox file-hosting service has been hacked. Or, at least, you could be forgiven for thinking that, given the story that is currently starting to break following a November 1 posting by the Dropbox security team.
That Dropbox security team posting confirms that a threat actor did, indeed, get access to some Dropbox source code. However, this code was contained within 130 GitHub code repositories.
How did a threat actor breach Dropbox’s GitHub code repository security?
Like many organizations, Dropbox uses GitHub to host several private repositories. At the start of October, the Dropbox security team became aware of a phishing campaign apparently targeting staff. The phishing email purported to originate from the code integration and delivery platform CircleCI, a company used by Dropbox for specific internal code deployments. “While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes,” the report says.
The emails used a realistic-looking template directing the recipients to what appeared to be a CircleCI login page, where they were directed to enter GitHub account credentials. Although the accounts were protected by a second authentication factor, in this case a hardware authentication system that generates a one-time password, the threat actor eventually succeeded in using both the credentials and the one-time password to access “one of our GitHub organizations where they proceeded to copy 130 of our code repositories,” the security team confirms.
On October 14, GitHub alerted Dropbox to suspicious behavior beginning the previous day. The threat actor’s access was disabled the same day and Dropbox security teams “took immediate action to coordinate the rotation of all exposed developer credentials and determine what customer data, if any, was accessed or stolen.”
Dropbox also brought in external forensic teams to verify the investigation findings, and reported the incident to law enforcement and the relevant regulators.
What Dropbox data was accessed?
So, what did the threat actor get access to? The Dropbox security team says that “these repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled.”
Importantly, it is confirmed that at no time did the threat actor have access to anyone’s Dropbox account, passwords or payment information. “Our investigation has found that the code accessed by this threat actor contained some credentials, primarily API keys, used by Dropbox developers. The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors,” the statement says. By way of context, Dropbox has more than 700 million registered users. Those whose email details may have been accessed have been informed by Dropbox already.