Dropbox was breached in 2022 due to a phishing attack that exploited an employee's use of a hardware key for authentication, which was not as secure as expected. The attackers gained access to 130 GitHub repositories containing sensitive API keys, potentially compromising customer data. This incident highlights the importance of safeguarding customer data and using robust authentication protocols, particularly when it comes to third-party APIs. The breach also underscores the need for companies to implement measures such as single-source-of-truth secrets managers, scoped API keys, and identity-based authentication to limit the damage if a breach occurs. Furthermore, hardware-backed authentication methods like U2F can help prevent phishing attacks, but it is still essential to be aware of potential vulnerabilities such as downgrade attacks.
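
The downgrade risk mentioned above can be checked from authentication logs. The following is an added example, not code from Dropbox or from the original page: it flags sign-ins that fell back to a weaker factor after the user had enrolled a U2F/WebAuthn key, and shows the matching server-side policy. The log format, field names and sample events are constructed assumptions.

```python
import json

# Factors bound to the site origin, so a look-alike phishing page cannot relay them.
PHISHING_RESISTANT = {"u2f", "webauthn"}

# Constructed sample auth log (JSON lines); the field names are assumptions.
SAMPLE_LOG = """\
{"ts": 1, "user": "alice", "event": "enroll", "method": "totp"}
{"ts": 2, "user": "alice", "event": "enroll", "method": "u2f"}
{"ts": 3, "user": "bob", "event": "enroll", "method": "totp"}
{"ts": 4, "user": "alice", "event": "login", "method": "u2f"}
{"ts": 5, "user": "bob", "event": "login", "method": "totp"}
{"ts": 6, "user": "alice", "event": "login", "method": "totp"}
{"ts": 7, "user": "carol", "event": "login", "method": "sms"}
"""


def allowed_methods(enrolled):
    """Policy: once a phishing-resistant factor is enrolled, offer nothing weaker."""
    strong = set(enrolled) & PHISHING_RESISTANT
    return strong if strong else set(enrolled)


def find_downgrades(log_text):
    """Return (ts, user, method) for logins that used a factor the policy refuses."""
    enrolled = {}  # user -> set of methods enrolled so far
    findings = []
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for ev in sorted(events, key=lambda e: e["ts"]):
        methods = enrolled.setdefault(ev["user"], set())
        if ev["event"] == "enroll":
            methods.add(ev["method"])
        elif ev["event"] == "login":
            # Only users who already hold a hardware key can be "downgraded".
            has_key = bool(methods & PHISHING_RESISTANT)
            if has_key and ev["method"] not in allowed_methods(methods):
                findings.append((ev["ts"], ev["user"], ev["method"]))
    return findings


if __name__ == "__main__":
    for ts, user, method in find_downgrades(SAMPLE_LOG):
        print(f"ts={ts} user={user} fell back to {method} despite an enrolled hardware key")
```

Enforcing `allowed_methods` at login time removes the fallback path entirely; the log check is for environments where weaker factors must stay enabled during a migration.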