Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Got 2 different "security code" emails I didn't ask for. What's going on? Is my account compromised?
Two days ago I received an official Dropbox email saying: "Hi Charem, Finish signing in to Dropbox with this one-time security code: We noticed there was an attempt of signing in to your Dropbox acc...
I am glad to say that Thomas from Advanced Support was extremely MVP and emailed me back with a clear reply. Just in case this helps anyone that might float over to this thread, I'll share what he told me on this matter:
The first time you had received this, you had changed your Dropbox password, but it should be noted that these one time code emails can be sent when the incorrect password has been used when trying to enter the account. As such, if you have received such a message, even though you have changed your password recently, you may also want to consider changing your accounts associated email address.
This happens to prevent brute force guessing of user's passwords, but If there is anything else I can assist with in the meantime, please let me know.
...It's still worth noting to perform your security checks if you get an email such as the ones I did; you could still have a password breech on your hands. Be safe! But if you feel you are safe, then it is worth knowing that one-time code emails can indeed be sent about your Dropbox without any passwords being compromised, and can be just an indication of unsuccessful brute-force attempts of guessing your password. (I recommend changing your password just in case either way though!)
As the automated emails do not make this clear, I am so very glad Thomas did, and I hope this information helps someone else in the future. I'll mark this thread as resolved now. :)
I'd like to leave another message here as I feel dissatisfied with the help I've been getting on email. While I do appreciate the prompt interactions I've had with Dropbox staff, I don't feel anyone is truly listening to me or my very serious and important question, which is just not getting answered.
I was contacted via email, then told another person would contact me. They have, and reiterated general information I can look up myself, as well as advising things like changing my email, and notably, adding 2FA and changing my password.
While this is all good general security advice, that's not what I was seeking to get information on. In fact, that last two point, about 2FA and changing my password, particularly annoyed me. Because I've already done both of these things. (I am not changing my email because I'd actually like to watch out for these security codes coming in. Changing the email won't solve my issue, it would just make it harder to watch what's going on.)
Quick recap: I got a security code email that didn't come from my own attempts to login. I changed my password the moment I was aware that happened. Then two days later, I got a new security code email that didn't come from me. So I DID change my password already. What alarmed me was, how did that second security code request come through? The new password was unique and strong. How could they have hacked it so quickly?
But see, that's the question I need answered! Am I just making the ASSUMPTION that if I am getting a security code email from Dropbox, then that must mean that someone has successfully entered my email and correct password to generate that security code email. So:
- Is my assumption correct? Do security code emails only generate if someone CORRECTLY answered my email and pass?
- Is my assumption wrong? Can security code emails generate in circumstances other than someone correctly entering your password?
My entire internet security, beyond just my Dropbox account, hinges on knowing the answer to this.
I don't care about my stupid Dropbox account. I backed up its files. It could go explode for all I care. What I care about is my Google account, my many other side accounts, and everything else that I'm going to need to figure out HOW is compromised, if my assumption is correct.
Because I just changed the Dropbox password, and then I got a new security code email following that not two days later. And that is bloody alarming. And that is why I need my question answered. To know if my assumption is correct, or incorrect.
Please. Somebody who knows the answer to this. Just let me know this one answer. Please.
