File hosting service Dropbox said it was the victim of a phishing attack that allowed an unauthorized party to access 130 of its source code repositories hosted on GitHub.
The company said the attack was similar to an intrusion disclosed by GitHub in September, in which attackers gained access to GitHub accounts by impersonating the continuous integration and delivery platform CircleCI.
Dropbox said that in early October several of its employees received phishing emails impersonating CircleCI. The emails directed recipients to a fake CircleCI login page that prompted them for their GitHub username and password and then asked them to tap their hardware authentication key to generate a One Time Password (OTP), which was likewise submitted to the malicious site. An OTP of this kind is a plain code with no binding to the site that requested it, so once the attacker held the username, password and a fresh code, all three could be relayed to GitHub and accepted.
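The following is an added simulation, not code from Dropbox, GitHub or CircleCI, showing why the phishing page above could defeat a hardware key used in OTP mode and why the same relay fails against a WebAuthn/FIDO2 assertion. The key and relying-party classes are toy models written for this example: the OTP key emits an HMAC-derived counter code, and the FIDO key's signature is stood in for by an HMAC over the browser-supplied client data (a real authenticator signs with a private key; the property demonstrated, origin binding, is the same). The phishing origin `circleci-login.example` is a constructed placeholder, not a domain from the incident.

```python
"""Relay attack against a hardware-key OTP versus a WebAuthn assertion.

Added example (not from the original article). All classes are simplified
stand-ins written for this demonstration.
"""
import hashlib
import hmac
import json
import secrets

REAL_ORIGIN = "https://github.com"
PHISH_ORIGIN = "https://circleci-login.example"  # constructed placeholder domain


def _code(seed: bytes, counter: int) -> str:
    """Derive a short one-time code from a shared seed and a press counter."""
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:12]


class OtpKey:
    """Hardware key in OTP mode: each tap yields a code, with no notion of origin."""

    def __init__(self, seed: bytes) -> None:
        self.seed, self.counter = seed, 0

    def press(self) -> str:
        self.counter += 1
        return _code(self.seed, self.counter)


class OtpRelyingParty:
    """Server side of the OTP scheme: accepts any unused code within a look-ahead window."""

    def __init__(self, seed: bytes, window: int = 10) -> None:
        self.seed, self.last, self.window = seed, 0, window

    def verify(self, code: str) -> bool:
        for c in range(self.last + 1, self.last + 1 + self.window):
            if hmac.compare_digest(_code(self.seed, c), code):
                self.last = c
                return True
        return False


class FidoKey:
    """WebAuthn-style authenticator: signs client data that the *browser* builds,
    and the browser fills in the origin it is actually connected to."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def sign(self, challenge: bytes, browser_origin: str) -> dict:
        client_data = json.dumps(
            {"challenge": challenge.hex(), "origin": browser_origin}, sort_keys=True
        ).encode()
        sig = hmac.new(self.secret, client_data, hashlib.sha256).hexdigest()
        return {"client_data": client_data, "sig": sig}


class FidoRelyingParty:
    """Server side of WebAuthn: checks signature, expected origin and a fresh challenge."""

    def __init__(self, secret: bytes, origin: str) -> None:
        self.secret, self.origin = secret, origin
        self.outstanding: set[str] = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self.outstanding.add(challenge.hex())
        return challenge

    def verify(self, assertion: dict) -> bool:
        expected = hmac.new(self.secret, assertion["client_data"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return False
        data = json.loads(assertion["client_data"])
        if data["origin"] != self.origin:          # signed over the phishing origin: reject
            return False
        if data["challenge"] not in self.outstanding:  # unknown or already consumed
            return False
        self.outstanding.discard(data["challenge"])
        return True


def run_demo() -> dict:
    """Play the phishing flow against both second factors and report what the real
    relying party accepted."""
    otp_seed, fido_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    otp_key, otp_rp = OtpKey(otp_seed), OtpRelyingParty(otp_seed)
    fido_key, fido_rp = FidoKey(fido_secret), FidoRelyingParty(fido_secret, REAL_ORIGIN)

    # 1. Victim taps the OTP key on the fake page; attacker forwards the code.
    relayed_code = otp_key.press()
    otp_relay_accepted = otp_rp.verify(relayed_code)

    # 2. Attacker fetches a real challenge, victim's browser signs it on the fake page.
    challenge = fido_rp.new_challenge()
    webauthn_relay_accepted = fido_rp.verify(fido_key.sign(challenge, PHISH_ORIGIN))

    # 3. Same key used on the genuine site succeeds exactly once per challenge.
    challenge = fido_rp.new_challenge()
    legit = fido_key.sign(challenge, REAL_ORIGIN)
    webauthn_legit_accepted = fido_rp.verify(legit)
    webauthn_replay_accepted = fido_rp.verify(legit)

    return {
        "otp_relay_accepted": otp_relay_accepted,
        "webauthn_relay_accepted": webauthn_relay_accepted,
        "webauthn_legit_accepted": webauthn_legit_accepted,
        "webauthn_replay_accepted": webauthn_replay_accepted,
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```

The relayed OTP is accepted because the server can only check that the code is valid and unused; nothing in it says where the user typed it. The relayed WebAuthn assertion is rejected because the browser, not the phishing page, writes the origin into the signed client data, and the relying party compares it with its own. The replay check at the end shows the second property a practitioner wants: a consumed challenge cannot be reused even from the correct origin.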
“This eventually succeeded, giving the threat actor access to one of our GitHub organizations where they proceeded to copy 130 of our code repositories. These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled,” the company explained.
Dropbox said that it found no evidence that any customer data was stolen as a result of the incident and that it rotated all exposed developer credentials.