Part of Dropbox's source code was stolen in a phishing attack, the company has announced.
Online storage service Dropbox says attackers accessed and copied some 130 of the company’s private repositories on GitHub. As a result, source code and some of Dropbox’s API data were stolen. According to Dropbox, however, customer data, passwords and payment information were not stolen. “We believe the risk to customers is minimal,” Dropbox said in a statement.
The leak was discovered on October 13, when GitHub noticed suspicious behaviour on Dropbox’s corporate account. After an investigation, Dropbox now says it was the victim of a phishing attack. The attackers created a fake login page for the coding platform CircleCI. Dropbox employees use the same login for GitHub as they do for CircleCI, which allowed the attackers to steal account information for GitHub.
On October 14, the security hole was closed, and Dropbox says it has changed all API credentials and developer logins in recent weeks. No code for essential apps or infrastructure was leaked in the attack.