Dropbox has disclosed information about an incident in which attackers gained access to 130 private repositories hosted on GitHub. It is alleged that the compromised repositories contained forks from existing open source libraries modified for Dropbox's needs, some internal prototypes, as well as utilities and configuration files used by the security team. The attack did not affect repositories with code for basic applications and key infrastructure elements, which were developed separately. The analysis showed that the attack did not lead to a leak of the user base or compromise of the infrastructure.
Access to the repositories was obtained as a result of intercepting the credentials of one of the employees who became a victim of phishing. The attackers sent the employee a letter under the guise of a warning from the CircleCI continuous integration system with a requirement to confirm agreement with changes to the rules of service. The link in the email led to a fake website styled to resemble the CircleCI interface. The login page asked to enter a username and password from GitHub, as well as use a hardware key to generate a one-time password to pass two-factor authentication.
Source: opennet.ru