Need to see if your shared folder is taking up space on your dropbox đšâđ»? Find out how to check here.
Forum Discussion
Received 3 2FA emails in one minute, but 2FA was not enabled on my account
Hi all,
A strange thing happened today, I've received 3 emails in sequence with content:
Hi [MY FIRST NAME],
Finish signing in to Dropbox with this one-time security code...
Hi Jay , does it mean someone typed my email in dropbox, and then typed the incorrect password?
Or is there any other scenario in which that one time code could be triggered?
Jay
Dropbox Community Moderator
Dropbox Community ModeratorThat's correct, though aside from this, there are other items that Dropbox uses to detect a suspicious login attempt.
- So they have âmethodsâ to detect suspicious activity but apparently me trying to login using a VPN from a location I havenât ever been before isnât âsuspiciousâ enough to trigger an OTP email?
Iâm not buying it, if I had initially received just a single email then Iâd most likely ignore it, perhaps change my password but nothing to get worked up about.
But that fact that me and MANY others received not 1, not 2 but THREE consecutive emails with OTPâs in the span of a minute is insanely (as youâd put it) âsuspiciousâ.
We want answers and transparency, this was not someone trying to login using just the email on the off-chance because Iâve already attempted to replicate that, I didnât receive a single email no matter how many times I tried it or wherever I moved the VPN to.
Randy90 wrote:
We want answers and transparency, this was not someone trying to login using just the email on the off-chance because Iâve already attempted to replicate that, I didnât receive a single email no matter how many times I tried it or wherever I moved the VPN to.Yeah I tried as well from a VM created in another country from where I am. The front end doesn't trigger it with an invalid password. Maybe one of the API endpoints does but it is not worth my time to setup a developer account just to test this.
At this point I am just going to delete my account. Even if my account wasn't compromised, and somehow believe the "Just ignore this" email we got 3 times in a row is just their internal system sending emails in error, I just can't trust them anymore. For all we know they had an internal breach, and they just haven't disclosed it yet.
I also believe there can be a leak, that they decided to not disclose in order to protect their reputation.
I also decided to delete all my files from dropbox given the lack of transparency in the topic.
