
Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories

by crpt os


File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub.

“These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team,” the company revealed in an advisory.

The attackers also accessed some API keys used by Dropbox developers, as well as “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.”

It, however, stressed that the repositories did not contain source code related to its core apps or infrastructure.

Dropbox, which offers cloud storage, data backup, and document signing services, among others, has over 17.37 million paying users and 700 million registered users as of August 2022.

The disclosure comes more than a month after both GitHub and CircleCI warned of phishing attacks designed to steal GitHub credentials through fake notifications purporting to be from the CI/CD platform.

The San Francisco-based firm noted that “multiple Dropboxers received phishing emails impersonating CircleCI” in early October, some of which slipped through its automated spam filters to land in employees’ email inboxes.

“These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site,” Dropbox explained.


The company did not reveal how many of its employees fell for the phishing attack, but said it took prompt action to rotate all exposed developer credentials and that it alerted law enforcement authorities.

It also said it found no evidence that any customer data was stolen as a result of the incident, adding it’s upgrading its two-factor authentication systems to support hardware security keys for phishing resistance.

“vigilant professionals can fall prey to a carefully crafted message delivered in the right way at the right time,” the company concluded. “This is precisely why phishing remains so effective.”




