Dropbox reported a cyber attack on 1 November 2022 which they are investigating as they cannot yet tell how the bad actor gained access. The attacker not only garnered the names and email addresses of Dropbox employees, they also managed to access source code. So far, the number of users affected has not been released, but it would be wise to change your password if you have an account.
This is very worrying for any user of Dropbox, coming as it does after the email addresses and hashed passwords of more than 68 million users were leaked in 2020.
The latest data breach happened after a phishing campaign in which the attacker claimed to be CircleCI, a known and trusted correspondent. Employees were asked to login to CircleCI and input their GitHub username, password and hardware authentication key. Unfortunately it was a fake login page. (Terranova, 2022)
This is a timely reminder that all companies are vulnerable and that there should be security measures in place. We can help set up security and monitoring for a small monthly fee, which should weed out most of these types of attack, but employees must continue to be vigilant.
How do employees know what to look out for? Training is the very best defence and this training must be updated continuously as attacks become increasingly sophisticated. We can provide this training – it can be general awareness training delivered via webinar to a group of solopreneurs or maybe an in-depth series of targetted workshops for an individual organisation. Such workshops would include simulated phishing attacks likely to be experienced by different departments or specialists within the company, the circulation of the correct contact details for suppliers and clients so that staff can be on the lookout for spoofing of domains, and the development of policies and procedures, amongst other things.
Diana Catton MBA – by line and other articles
References
Terranova. (2022). The Recent Dropbox Breach and What We Can Learn From It. Cyber Security Awareness. Retrieved November 23, 2022, from https://terranovasecurity.com/dropbox-breach/