Dropbox admits 130 of its private GitHub repos were copied after phishing attack

From theregister.com

Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.

The cloud storage locker on Tuesday detailed the intrusion, and stated “no one’s content, passwords, or payment information was accessed, and the issue was quickly resolved.”

“We believe the risk to customers is minimal,” the biz added.

The security snafu came to light on October 13 when Microsoft’s GitHub detected suspicious behavior on Dropbox’s corporate account. GitHub let Dropbox know the next day, and the cloud storage outfit investigated. Dropbox determined it had fallen victim to a phisher who had impersonated the code integration and delivery platform CircleCI.

Dropbox is a CircleCI user “for select internal deployment.” Dropbox employees use their GitHub accounts

Read more…