"Dropbox Discloses Breach After Hacker Stole 130 GitHub Repositories"

Dropbox has disclosed a security breach after threat actors stole 130 code repositories after accessing one of its GitHub accounts using stolen employee credentials. Dropbox's investigation discovered that the code accessed by the threat actors contained some credential information, primarily Application Programming Interface (API) keys used by Dropbox developers. A few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors were also included in the code and data surrounding it. The breach resulted from a phishing attack involving emails impersonating the CircleCI continuous integration and delivery platform and the redirection of victims to a phishing landing page where they were asked to enter their GitHub username and password. Employees were also asked to use their hardware authentication key to pass a One Time Password (OTP) on the same phishing page. This article continues to discuss the Dropbox breach that resulted in the theft of 130 code repositories. 

Bleeping Computer reports "Dropbox Discloses Breach After Hacker Stole 130 GitHub Repositories"