Dropbox recently announced that it suffered a security breach after cybercriminals gained access to one of its GitHub accounts through a phishing scam, resulting in the theft of 130 code repositories.
According to the company, the breach dates back to October 14, when GitHub alerted Dropbox to suspicious account behavior that had begun the previous day. In its investigation, Dropbox found that a threat actor had been impersonating the code integration and delivery platform CircleCI, which multiple Dropbox employees use.
To make things worse, the recipient is also asked to use their hardware authentication key to provide a one-time password (OTP) to the malicious site.
This scheme eventually succeeded, with the attackers gaining access to one of Dropbox's GitHub organizations and stealing 130 of its code repositories. According to Dropbox, these repositories included copies of third-party libraries slightly modified for use by the company, internal prototypes, and some tools and configuration files used by its security team. Fortunately, code for Dropbox's core apps or infrastructure was not affected by the breach. Dropbox also added that the threat actor did not have access to the contents of its customers' Dropbox accounts, passwords, or payment information.
In response to the incident, Dropbox said that it is accelerating its adoption of WebAuthn. WebAuthn is a browser-based application programming interface that enables secure user authentication by using registered devices like phones and laptops in place of passwords.
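
Why WebAuthn addresses the OTP phishing described above, as an added example (not code from Dropbox, GitHub or CircleCI): a one-time password carries no record of the site it was typed into, whereas a WebAuthn assertion includes the origin recorded by the browser, which the server checks on login. The origins, challenge value and function names below are constructed for illustration, and verification of the authenticator's signature is assumed to happen separately.

```javascript
// Added illustration: server-side checks on WebAuthn clientDataJSON.
// Origins, challenge and function names are constructed for this example.

const b64url = (s) =>
  Buffer.from(s).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Stand-in for what the browser produces during navigator.credentials.get():
// the browser, not the page's script, records the origin the user is on.
function browserClientData(origin, challenge) {
  return b64url(JSON.stringify({ type: 'webauthn.get', challenge, origin, crossOrigin: false }));
}

// Relying-party check. Verifying the signature over
// authenticatorData || SHA-256(clientDataJSON) is assumed to be done elsewhere.
function verifyClientData(clientDataB64, expected) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataB64, 'base64').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed clientDataJSON' };
  }
  if (data.type !== 'webauthn.get') return { ok: false, reason: 'wrong type' };
  if (data.challenge !== expected.challenge) return { ok: false, reason: 'challenge mismatch' };
  if (!expected.origins.includes(data.origin)) {
    return { ok: false, reason: `unexpected origin ${data.origin}` };
  }
  return { ok: true, reason: 'ok' };
}

function demo() {
  const expected = {
    challenge: b64url('constructed-challenge-0001'),
    origins: ['https://login.example.com'],
  };
  const genuine = verifyClientData(
    browserClientData('https://login.example.com', expected.challenge), expected);
  // A lookalike site can pass along the real challenge, but the browser
  // still stamps the lookalike's own origin into the signed client data.
  const lookalike = verifyClientData(
    browserClientData('https://login.example-com.test', expected.challenge), expected);
  return { genuine, lookalike };
}

console.log(demo());
```

Logging the `reason` for rejected assertions gives the security team a signal when employees are being sent to a lookalike login page.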