On November 1st 2022, Dropbox confirmed they suffered a data breach involving a bad actor gaining access to credentials, data, and other secrets inside their internal GitHub code repositories. This article will explain exactly what has happened, what has NOT happened, and what the potential impact is for Dropbox users.

How did the Dropbox Data Breach Happen?

A threat actor gained access to a GitHub account belonging to a Dropbox developer who had fallen for a phishing attempt. That compromised developer in turn provided the attacker with access to approximately 130 internal code repositories. Dropbox claims these code repositories were not connected to their core applications, and that instead these repos contained modified third-party libraries, internal prototypes, and other internal tools. While the repos may not be connected to their core applications, Dropbox did admit that some plain text secrets, including API keys and other credentials, were inside the code along with a "few thousand names and email addresses belonging to Dropbox employees".

[Figure: The Dropbox attack through phishing flowchart]

1. The attacker sent a widespread phishing email imitating CircleCI, a popular CI/CD platform used internally by Dropbox.
2. The phishing email took the victim to an imitation CircleCI login page where the user entered their GitHub credentials. CircleCI allowed users to log in with GitHub credentials.
3. The imitation site also prompted users to enter a One-Time Password (OTP), generated by their hardware authentication key.
4. The attacker would use the OTP and credentials provided by the user to gain access to the victim's GitHub account.
5. The attacker cloned 130 internal repositories, consisting of both public and private code.
6. The next steps the attacker took are not immediately clear at this time, but in similar attacks, the attacker then searched for sensitive information like secrets to move laterally into more sensitive systems.

This attack wasn't simply a spray-and-pray phishing campaign of the kind that comes from a low-sophistication attacker. The fact that the attacker seemingly knew Dropbox used CircleCI, and that the imitation site was able to prompt for the one-time password generated by the hardware key and pass it on to the attacker, shows a higher level of sophistication.

"This attack shows how threat actors are conducting more and more sophisticated attacks to gain access to developer tools which are known to contain sensitive information." - Mackenzie Jackson, Security Advocate

We also know that a very similar attack was happening around the same time in the wider GitHub community, also faking a CircleCI email and login screen, so it is suspected but not confirmed that this was the same threat actor.

[Figure: Phishing email sent by the attacker]

What Data was Hacked during this Security Breach?

Dropbox said in a statement: "We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here," and importantly they have also stated that "We also reviewed our logs, and found no evidence of successful abuse". The full extent of the breach is unknown at this time because the source code the hacker stole has not been released and Dropbox has not confirmed what systems the API keys and other credentials could access.
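Dropbox's admission that plain text API keys and credentials sat inside the cloned repositories is the part of this incident a defender can check for directly, before a stolen clone turns into lateral movement. What follows is an added example and not code from the original article or from Dropbox: a small Python scanner that runs a few credential-shaped rules over repository contents, uses a Shannon entropy threshold to skip obvious placeholders, and redacts whatever it reports. The rule set, the entropy threshold, the file layout and the sample repository are all constructed assumptions; the AWS values are the placeholder keys AWS's own documentation uses, not live credentials.

```python
"""Minimal hardcoded-secret scanner (added example, constructed rules and data)."""
import math
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    secret: str


# Constructed, deliberately small rule set. Specific key shapes come first so a
# value they catch is not reported a second time by the generic rule below.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("github_token", re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # Any assignment whose name looks credential-like and whose value is long enough.
    ("generic_assignment", re.compile(
        r"(?i)(?:api_?key|secret|token|password)\w*\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})")),
]
MIN_ENTROPY = 3.5  # bits per character (assumed threshold); "changemechangeme" scores ~2.75


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character: random keys score high, dictionary words score low."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep a short prefix so a finding can be located without reprinting the secret."""
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_text(path: str, text: str) -> list[Finding]:
    """Apply every rule to every line; the generic rule is gated by the entropy check."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen: set[str] = set()  # values already reported on this line by a specific rule
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                if value in seen:
                    continue
                if rule == "generic_assignment" and shannon_entropy(value) < MIN_ENTROPY:
                    continue  # placeholder or example value, not worth an alert
                seen.add(value)
                findings.append(Finding(path, line_no, rule, value))
    return findings


def scan_repo(files: dict[str, str]) -> list[Finding]:
    """files maps a repo-relative path to its content (a stand-in for walking a checkout)."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository. The AWS values are the examples from AWS documentation.
SAMPLE_REPO = {
    "deploy/.env": (
        "# constructed sample, not real credentials\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "deploy/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "(constructed: key body omitted)\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    ".circleci/config.yml": (
        "environment:\n"
        "  GITHUB_TOKEN: \"ghp_0123456789abcdefghijklmnopqrstuvwxyz\"\n"
    ),
    "src/client.py": "password = \"changemechangeme\"  # low entropy, not reported\n",
    "README.md": "Set TOKEN=<your token here> before running.\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}:{f.line_no} [{f.rule}] {redact(f.secret)}")
```

Run against the constructed repository this reports four findings (the two AWS values, the private key header and the GitHub token) and stays silent on the README placeholder and the low-entropy password. The `seen` set is what keeps the GitHub token from being reported twice, once by the specific rule and once by the generic assignment rule; a real scanner would also walk git history, since a secret removed in a later commit is still present in a clone.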