Dropbox gets hacked with phishing campaign losing 130 repositories


Key notes

  • Dropbox was targeted by a phishing campaign aimed at developer credentials.
  • The hackers logged into one of Dropbox's GitHub organizations and copied 130 of its code repositories.
  • They managed to steal the data while impersonating the CircleCI authentication platform.

You would think that with two-factor authentication you are safe, but things are not quite as they seem.

Dropbox's story has a positive ending, but it is a hard lesson: hackers are way past just stealing usernames and passwords and are now targeting multi-factor authentication codes as well.

Phishing is going beyond looting

As it turns out, Dropbox was the victim of a phishing campaign that targeted some of the code it stored on GitHub.

In its blog post, the company says that no one's password or personal information was stolen and that the situation has been contained, but the incident still teaches us a valuable lesson.

However, this is not the first time this has happened. GitHub also posted about a recent phishing campaign in which a wrongdoer accessed user accounts by impersonating CircleCI, the continuous integration and delivery platform many GitHub projects rely on.

We have witnessed phishing campaigns targeting Microsoft Mail users before, but those were all about stealing credentials.

130 repository codes were stolen

On October 14, 2022, GitHub alerted Dropbox about suspicious behavior that had taken place the day before, and after its investigation Dropbox discovered the same culprit: “We found that a threat actor—also pretending to be CircleCI—accessed one of our GitHub accounts, too.”

However, Dropbox also stated in the blog post that none of its more than 700 million users' accounts were in danger.

Instead, the wrongdoers managed to copy 130 of the code repositories used by its developers.

As Dropbox added: “These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team.”

How did the whole scam work?

In early October, Dropbox users received phishing emails impersonating CircleCI and targeting Dropbox's GitHub accounts.

So the target was not the Dropbox accounts themselves but the GitHub credentials used to log into CircleCI.

Dropbox's systems filtered some of the emails, but some got through, instructing employees to log in to a fake CircleCI page with their GitHub credentials.

This is what the fake email looked like.

The scam was ultimately successful, and the hackers got into one of Dropbox's GitHub organizations, where they stole some 130 code repositories.

Once the scam was reported, the hackers' access to GitHub was disabled.

GitHub said that it immediately detected the hackers trying to access its platform using the stolen repositories.

Dropbox is now investigating whether any user data was stolen or accessed, and so should you if you have visited this phishing website.
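Copying 130 repositories in a short time is the kind of activity a defender can alert on from an organization audit log, which is the sort of suspicious behavior that led GitHub to notify Dropbox. The following is an added example and not Dropbox's or GitHub's own code: it runs a sliding-window check over constructed audit-log-style events and flags any actor that clones more than a threshold number of distinct repositories within a window. The event field names (`ts`, `actor`, `action`, `repo`, `ip`), the actor names and the timestamps are all assumptions made up for this example, not a real GitHub schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _constructed_events():
    """Build a small constructed audit log (assumed schema, not GitHub's).

    One developer clones three repos over two hours (normal), while a
    stolen developer token clones 130 distinct repos in about 20 minutes,
    mirroring the scale described in the incident write-up.
    """
    events = []
    base = datetime(2022, 10, 13, 9, 0, 0)
    for i in range(3):
        events.append({
            "ts": (base + timedelta(hours=i)).strftime(TS_FMT),
            "actor": "dev-alice",            # constructed name
            "action": "git.clone",
            "repo": f"org/normal-project-{i}",
            "ip": "203.0.113.10",            # documentation range
        })
    for i in range(130):
        events.append({
            "ts": (base + timedelta(seconds=10 * i)).strftime(TS_FMT),
            "actor": "stolen-developer-token",  # constructed name
            "action": "git.clone",
            "repo": f"org/internal-repo-{i}",
            "ip": "198.51.100.77",              # documentation range
        })
    # A non-clone event should be ignored by the detector.
    events.append({
        "ts": base.strftime(TS_FMT), "actor": "dev-alice",
        "action": "repo.access", "repo": "org/normal-project-0",
        "ip": "203.0.113.10",
    })
    return events


SAMPLE_EVENTS = _constructed_events()


def find_bulk_cloners(events, max_repos=10, window=timedelta(hours=1)):
    """Return {actor: distinct_repo_count} for actors whose clone activity
    exceeds max_repos distinct repositories inside any sliding window."""
    clones = defaultdict(list)
    for e in events:
        if e.get("action") != "git.clone":
            continue
        clones[e["actor"]].append((datetime.strptime(e["ts"], TS_FMT), e["repo"]))

    alerts = {}
    for actor, items in clones.items():
        items.sort()  # sort by timestamp so the window can slide forward
        for i in range(len(items)):
            start = items[i][0]
            # Distinct repos cloned from this event until the window closes.
            repos = {repo for ts, repo in items[i:] if ts - start <= window}
            if len(repos) > max_repos:
                alerts[actor] = len(repos)
                break  # one alert per actor is enough
    return alerts


if __name__ == "__main__":
    for actor, count in find_bulk_cloners(SAMPLE_EVENTS).items():
        print(f"ALERT: {actor} cloned {count} distinct repositories within one hour")
```

The threshold and window are deliberately parameters: a release pipeline that legitimately mirrors many repositories would need an allowlisted actor or a higher `max_repos`, while a personal developer token rarely touches more than a handful of repositories per hour.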

What do we learn from this? While two-factor or multi-factor authentication adds a good measure of safety, not all of these services are hacker-proof.

However, as with all phishing campaigns, it only takes one person opening a fake email and visiting the scam website for the wrongdoer to succeed.

What we’re saying is that you should not open or go through with claims from an unsolicited email.

Apart from staying alert, using data protection software can help you limit the damage to a minimum.

Have you been a victim of phishing campaigns? Tell us about your experience in the comments section below.
