By Hemaja Burud
After threat actors used employee login information obtained through phishing to steal 130 code repositories from one of Dropbox's GitHub accounts
No content, passwords, or payment information, according to the company, were accessed, and the problem was swiftly fixed.
When GitHub alerted the organisation to suspicious behaviour that began the day before the notice was given
as the executive team shrank to 14. The company has apparently let go of Richard Bell,
on October 14, the company learned that the account had been compromised by the attackers.
techbugfix.com
To date, our research has uncovered that some credentials—primarily, API keys—used by Dropbox engineers
techbugfix.com
were present in the code that this threat actor was able to access, the company said on Tuesday.
techbugfix.com
Because access to this kind of code is more restricted and tightly monitored, the company also disclosed that its essential applications and infrastructure were unaffected.
techbugfix.com
We have informed people affected and are sharing more here because we take our commitment to security, privacy, and openness seriously, Dropbox added.
techbugfix.com
In addition to reporting the incident to the proper law enforcement and authorities
techbugfix.com
the corporation also sought outside forensic experts to confirm its findings.
techbugfix.com
The Dropbox security hack "serves as a useful reminder for enterprises to search their source code repositories to look for any credentials stored in plain text
techbugfix.com