![]() ![]() While the attack may have been effectively contained, news of a Dropbox breach set off some alarms across the internet, prompting Forbes magazine to shoot down the worst fears. In conclusion, the company said: “We take our commitment to protecting the privacy of our customers, partners, and employees seriously, and while we believe any risk to them is minimal, we have notified those affected.”Ĭontacted by CRN, a representative for Dropbox referred to the company’s blog post regarding further questions about the breach incident. It added: “At no point did this threat actor have access to the contents of anyone’s Dropbox account, their password, or their payment information.” ![]() Trying to minimize the scope and severity of the attack, Dropbox added that “for context, Dropbox has more than 700 million registered users.” Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.”īut Dropbox did acknowledge that its investigation found that the “code accessed by this threat actor contained some credentials-primarily, API keys-used by Dropbox developers.”Īnd it noted that the “code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.” We believe the risk to customers is minimal. “Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. “No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved,” the company said. “We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub,” Dropbox said in its blog. The company then discovered that a “threat actor-also pretending to be CircleCI-accessed one of our GitHub accounts,” according to the blog post, referring to a similar phishing attack launched in September against GitHub itself. 14 of “some suspicious behavior” that began the previous day. ![]() In a blog post, the San Francisco-based file hosting service that’s been criticized in the past over security-related issues, said a successful phishing attack led to the theft of employee credentials, ultimately allowing threat actors to gain access to a GitHub account and steal 130 code repositories.ĭropbox said it was alerted by GitHub on Oct. Dropbox has disclosed a new security breach that led to threat actors gaining access to thousands of customers’ and others’ email addresses – but not their accounts, passwords, or payment information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |