Dropbox reveals a security hole

By Hemaja Burud

After threat actors used employee login information obtained through phishing to steal 130 code repositories from one of Dropbox's GitHub accounts

No content, passwords, or payment information, according to the company, were accessed, and the problem was swiftly fixed.

When GitHub alerted the organisation to suspicious behaviour that began the day before the notice was given

 as the executive team shrank to 14. The company has apparently let go of Richard Bell,

on October 14, the company learned that the account had been compromised by the attackers.

To date, our research has uncovered that some credentials—primarily, API keys—used by Dropbox engineers

 were present in the code that this threat actor was able to access, the company said on Tuesday.

Because access to this kind of code is more restricted and tightly monitored, the company also disclosed that its essential applications and infrastructure were unaffected.

We have informed people affected and are sharing more here because we take our commitment to security, privacy, and openness seriously, Dropbox added.

In addition to reporting the incident to the proper law enforcement and authorities

 the corporation also sought outside forensic experts to confirm its findings.

The Dropbox security hack "serves as a useful reminder for enterprises to search their source code repositories to look for any credentials stored in plain text