Dropbox admits 130 of its private GitHub repos were copied after phishing attack

14 points by 0xmohit 2 years ago | 4 comments
  • sgarman 2 years ago
    Does anyone have any idea how the hardware key part worked? I was under the impression my yubikey would only send a key for a specific URL so there would be no way to just forward the key to actual github because it would be for the wrong domain.
    • cwinq 2 years ago
      some details on this breach: https://blog.gitguardian.com/dropbox-breach-hack-github-circ...
      • dieselhead 2 years ago
        Should we expect a source code dump soon?
        • jimmyspice 2 years ago
          No need

          For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.