Digital Phablet

Dropbox’s login and other crucial details leaked in a phishing attack

Despite malicious actors successfully accessing some of its code on GitHub, the cloud storage service insists that all customer information is secure

by Rebecca Fraser
November 3, 2022

Dropbox has publicly disclosed how a phishing campaign hijacked one of its GitHub accounts and compromised code and data by impersonating the code integration and delivery platform CircleCI.

Information on a few employees, customers, sales leads, and vendors was accessed, as were API keys used by Dropbox’s developers.

CircleCI had previously been impersonated in a similar phishing campaign by threat actors.

Dropbox said the issue was quickly resolved. No content, passwords, or payment info was accessed. “Since we have even more restricted access, we didn’t lose access to our core apps or infrastructure.

“We don’t think customers are at risk. This threat actor accessed no Dropbox account, password, or payment information.”

In a statement, the firm said: “We’re committed to protecting our customers, partners, and employees’ privacy, and though we think any risk to them is minimal, we notified them.”

The breach was discovered in mid-October, when Dropboxers received emails that seemed to come from CircleCI, which Dropbox uses for “selected internal deployments.” Some of these emails were intercepted and quarantined, but others made it through Dropbox’s cyber dragnet.

The emails directed recipients to a fake CircleCI login page and asked them to enter their GitHub username and password and then use their hardware authentication key to provide a one-time password. From there, the threat actor was able to copy 130 code repositories.

GitHub notified Dropbox on 14 October, and the threat actor was kicked out that same day. After that, Dropbox’s security team rotated the exposed credentials and determined what data had been accessed.

The company’s investigation and monitoring, backed by a third-party cyber forensics team, have not found evidence of successful abuse.

“There’s no way humans can detect every phishing lure,” said the firm. “It’s a fundamental part of their job to click links and open attachments. A carefully crafted message delivered at the right time and place can fool even the most skeptical, vigilant professional. Phishing is so effective because of this – and technical controls are the best protection against them. The more sophisticated threats get, the more critical these controls are.

“Keeping Dropbox trustworthy is our team’s top priority. We hold ourselves to a higher standard, even though this threat actor had limited access. We’re sorry we fell short and apologize if you were inconvenienced.”

As a result of the cyber attack, Dropbox is now adopting WebAuthn, which it described as the “gold standard” of multi-factor authentication (MFA), for credential management. After the attack, it adopted WebAuthn MFA, and customers can use it.

“The popularity of phishing keeps growing among hackers as other security measures improve while it remains effective and cheap,” said Outpost24’s Martin Jartelius.

“There are a few ways to circumvent those threats, such as using password managers integrated into browsers, so they won’t submit passwords in phishing attempts if they don’t have a matching domain. In the same vein, YubiKeys can be used to validate the site identity for the second factor.”

Jartelius said: “We can note here that while the user affected had access to most developers’ repositories, it didn’t include the core product repositories. Less great is that personal data for staff and partners was stored in git repositories. I hope this only pertains to developer contact information, but the information released isn’t exactly clear.”
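The site-identity check Jartelius refers to, and the reason WebAuthn resists the kind of fake login page described above, shown as an added example (not code from Dropbox or from this article): the checks a relying party runs on the origin, RP ID hash and challenge of a WebAuthn assertion. The host names and challenge values are hypothetical, and signature verification is left out.

```python
import hashlib
import hmac
import json

# Hypothetical relying-party settings; not taken from the article.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def make_assertion(origin, rp_id, challenge):
    """Constructed sample of what a browser and security key return.

    The browser (not the page) writes the origin into clientDataJSON; the key
    puts SHA-256(RP ID) at the start of authenticatorData.
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    flags = b"\x05"  # user present + user verified
    sign_count = (1).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data


def verify_binding(client_data, auth_data, challenge):
    """Server-side checks on the signed fields; signature check omitted."""
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        return "wrong type"
    if not hmac.compare_digest(str(data.get("challenge")), challenge):
        return "challenge mismatch"
    if data.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if len(auth_data) < 37 or not auth_data[32] & 0x01:
        return "user not present"
    return "ok"


def demo():
    challenge = "c2FtcGxlLWNoYWxsZW5nZQ"  # constructed base64url value
    fake = "login.example.com.lookalike.test"  # hypothetical look-alike host
    return {
        "genuine": verify_binding(*make_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge),
        "lookalike_origin": verify_binding(*make_assertion("https://" + fake, RP_ID, challenge), challenge),
        "lookalike_rp_id": verify_binding(*make_assertion(EXPECTED_ORIGIN, fake, challenge), challenge),
        "replayed": verify_binding(*make_assertion(EXPECTED_ORIGIN, RP_ID, "b2xk"), challenge),
    }
```

A one-time password carries none of these bound fields, so a code typed into a look-alike page is just as valid when it is forwarded to the real site.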

Cybereason’s Sam Curry says that Dropbox’s ultimate role as a “super-aggregator of data” makes it an attractive and potentially highly lucrative target for hackers, so it should make itself harder to hack.

“To avoid being a victim, they need to do much better security than an average company of their size and revenue.

“From the outside looking in, it looks like Dropbox knows its weaknesses and is accelerating plans to improve identity security and authentication.

“Keep going, look for single points of failure, be transparent post-incident, update risk assessments, learn lessons, and always keep customers and partners in mind. You’ll go down in history as a hero or a villain, never as a victim, so be a hero.”

Source: Dropbox