Phishermen Reel In Dropbox’s Private GitHub Repos

Dropbox, the cloud storage provider, has announced that it was the target of a phishing attack that successfully accessed its private GitHub repos. GitHub was able to quickly notify Dropbox of the attack, and no customer data or passwords were affected.

The data breach took place on October 13, with Dropbox becoming aware that things were amiss the following day. The attackers impersonated CircleCI, the integration and delivery platform that can be logged into using GitHub credentials, bombarding Dropbox staff with realistic-looking phishing emails. Many of them were blocked by Dropbox’s internal systems, but some got through: enough, it seems, for at least one employee to visit a fake CircleCI login page, enter their GitHub credentials, and use a hardware authentication key to pass a one-time password to the malicious site.
