A massive phishing campaign targeting GitHub users convinced at least one developer at Dropbox to enter in their credentials and a two-factor authentication code, leading to the theft of at least 130 software code repositories.

According to a Dropbox advisory on Nov. 1, the mid-October attack consisted of emails that appeared to be from CircleCI, a popular DevOps platform, and directed Dropbox employees to go to a fake login page, enter in their GitHub credentials, and then enter in the one-time password created by a hardware key.