Dropbox has disclosed that attackers gained access to 130 private repositories hosted on GitHub. According to the company, the compromised repositories contained forks of existing open-source libraries modified for Dropbox's needs, some internal prototypes, and utilities and configuration files used for security. The attack did not reach the repositories holding the code of the core applications and key infrastructure components, which are developed separately. The analysis showed that the attack led neither to a leak of the user base nor to a compromise of the infrastructure.
Access to the repositories was obtained by compromising the account of an employee who fell victim to phishing. The attackers sent the employee an e-mail disguised as a notice from the CircleCI continuous integration service, asking them to confirm acceptance of changes to the service's terms. The link in the e-mail led to a fake site styled after the CircleCI interface. On its login page, the user was asked to enter their GitHub login and password and to use their hardware key to generate a one-time password for two-factor authentication.
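The attack above worked because a one-time password, even one generated by a hardware key, is just a short string the user can be persuaded to type into the wrong page and that the site behind the page can relay to the real service. The added example below (my own code, not Dropbox's, GitHub's or CircleCI's) contrasts that with origin-bound authentication of the WebAuthn/FIDO2 kind: a standard HOTP/TOTP verifier on one side, and a simplified relying-party check on the other that refuses any assertion whose client data names an origin other than its own. The origins `https://ci.example` and `https://ci-example.lookalike.test` are constructed placeholders; the HMAC stand-in for a public-key signature is a simplification so the block runs with the standard library alone.

```python
import hashlib
import hmac
import json
import struct

# --- One-time passwords (RFC 4226 HOTP / RFC 6238 TOTP), as a verifier would implement them ---

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30) -> str:
    """TOTP is HOTP keyed by the current 30-second time slot."""
    return hotp(secret, at_time // step)


def verify_totp(secret: bytes, code: str, at_time: int) -> bool:
    """The server only checks that the code matches the shared secret and time.
    Nothing in the code says on which web page the user typed it."""
    return hmac.compare_digest(totp(secret, at_time), code)


# --- Origin-bound assertion (WebAuthn-style, simplified) ---

REAL_ORIGIN = "https://ci.example"                     # constructed placeholder
LOOKALIKE_ORIGIN = "https://ci-example.lookalike.test"  # constructed placeholder


def make_assertion(device_key: bytes, challenge: str, browser_origin: str) -> dict:
    """What the browser+authenticator produce on login. The browser, not the user,
    fills in the origin it is actually talking to, and the authenticator signs
    over a hash of that client data. (HMAC stands in for a real signature here.)"""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
        sort_keys=True,
    )
    client_data_hash = hashlib.sha256(client_data.encode()).digest()
    signature = hmac.new(device_key, client_data_hash, hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": signature}


def verify_assertion(device_key: bytes, expected_challenge: str, assertion: dict) -> bool:
    """Relying-party check: the signed client data must name OUR origin and OUR
    challenge, and the signature must cover exactly that client data."""
    try:
        data = json.loads(assertion["client_data"])
    except (KeyError, ValueError):
        return False
    if data.get("type") != "webauthn.get":
        return False
    if data.get("origin") != REAL_ORIGIN:          # origin binding: this is the decisive check
        return False
    if data.get("challenge") != expected_challenge:
        return False
    client_data_hash = hashlib.sha256(assertion["client_data"].encode()).digest()
    expected_sig = hmac.new(device_key, client_data_hash, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected_sig, assertion.get("signature", ""))


def relayed_login_outcomes(at_time: int = 1_700_000_000) -> tuple:
    """Model the incident pattern: the user authenticates on a lookalike page and the
    page forwards whatever it receives to the real service. Returns
    (totp_accepted_by_real_site, origin_bound_assertion_accepted_by_real_site)."""
    otp_secret = b"12345678901234567890"   # constructed test secret (RFC 4226 vector)
    device_key = b"constructed-device-key"

    # 1. OTP path: the code the user typed on the lookalike page is forwarded unchanged.
    code_typed_on_lookalike = totp(otp_secret, at_time)
    otp_accepted = verify_totp(otp_secret, code_typed_on_lookalike, at_time)

    # 2. Origin-bound path: the real site's challenge is forwarded to the lookalike page,
    #    but the user's browser signs it with the origin it is really on.
    challenge = "constructed-random-challenge"
    assertion_from_lookalike = make_assertion(device_key, challenge, LOOKALIKE_ORIGIN)
    assertion_accepted = verify_assertion(device_key, challenge, assertion_from_lookalike)

    return otp_accepted, assertion_accepted


if __name__ == "__main__":
    print(relayed_login_outcomes())  # (True, False)
```

The OTP verifier accepts the relayed code because the code carries no information about where it was entered; the origin-bound verifier rejects the relayed assertion because the browser, not the user, wrote the origin into the signed client data. That is the property that makes FIDO2 security keys resistant to this class of phishing, whereas the same hardware key used only as an OTP generator is not.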