Popular file hosting service Dropbox recently suffered a data breach that gave threat actors access to 130 of its code repositories. This was after Dropbox employees fell victim to a phishing scam.
Dropbox recently announced that it suffered a security breach after cybercriminals gained access to one of its GitHub accounts through a phishing scam, resulting in 130 code repositories stolen.
According to the company, the breach was back on October 14 when GitHub alerted Dropbox to a suspicious account behavior that began the previous day. In its investigation, Dropbox found that a threat actor was impersonating the code integration and delivery platform CircleCI, which multiple Dropbox employees use.
In the phishing message, the recipient is asked to sign in to their GitHub account through CircleCI and accept the latter’s new terms of use and privacy policy to continue using the service.
