
phla
Explorer | Level 4
3 months ago

Someone accessed my Dropbox account and I can't get help

Dropbox Plan: Professional
Are you a Team Member or Admin? No
Do you have access to the email linked to the account? Yes
Are there any devices connected to your Dropbox account? Phone, tablet, work laptop

Question or Issue
A few days ago, my Dropbox account was hacked by an individual calling themselves Samuel Shimb (see screenshot below).

They managed to get access to my account even with 2FA enabled (via SMS)!

I want to make people aware of this and the fact that, when I raised this to Dropbox's chat and Support people, they downplayed it and said they'd pass it along to their colleagues. Even when I mentioned in my communication with them that I had 2FA enabled, but did not receive any 2FA OTP, in their responses, they still went ahead to say that I must enable 2FA.

I have been asking for escalations without any assistance on this matter.

I am a paying Dropbox Professional customer, and I want to know how someone accessed my account outside of the normal authentication flow. Even if the hacker managed to obtain my Dropbox password (which I was not using anywhere else by the way), I want to know how they bypassed the 2FA. There were no indications in my Gmail inbox of someone trying to reset my Dropbox password (so the hacker did not gain access to my email account first). I was able to log in normally using my Dropbox account even after the attack.

This has resulted in sensitive information being exposed to an attacker whose intentions I do not know, including work files. However, Dropbox staff have been downplaying this issue. Maybe because this could be a vulnerability on the side of Dropbox and they won't admit that.

11 Replies

  • Emma
    Community Manager
    3 months ago

    Hi phla,

    Thank you for reaching out to us and for your patience while we’ve investigated this situation.

    We know how stressful it can be to face issues with your Dropbox account, and we want to help you get back on track as quickly as possible. We’re also looking into your support requests and you’ll be hearing directly from a support agent shortly to troubleshoot further.

    From our investigation, it looks like there are a few possible reasons that could explain what happened here. Below, we’ve outlined the most likely scenarios along with clear steps you can follow right away to secure your account.

    How this might have happened

    Someone would need both your email address and password to access your Dropbox account or change your login details. This can happen in a few ways:

    • Phishing: Attackers sometimes create very convincing emails or websites that look legitimate, making it difficult to spot they’re fake. If this happened, they may have obtained your login details that way.
    • Email account access: If someone gained access to your email, they could reset your Dropbox password.
    • Reused passwords: If you used the same password on another service that was breached, attackers may try it on Dropbox. (I note that this is not your case, phla, as you didn’t use your Dropbox password anywhere else.)
    • Shared passwords: If you gave your login details to someone else, they may have used them to sign in.
    • Password guessing: Someone could have correctly guessed your password.

    Steps to secure your Dropbox account

    Here are some important actions to take:

    1. Change your Dropbox password:
      • Use this link to reset it.
      • Choose a strong, unique password that you don’t use anywhere else.
    2. Update your email password:
      • Make sure the email linked to your Dropbox account also has a strong, unique password.
    3. Turn on two-factor authentication (2FA):
      • This adds an extra layer of protection by requiring a six-digit code in addition to your password when signing in. Learn more here: Enable 2FA.
      • I see you have 2FA enabled, phla, but it’s worth double-checking it’s all working correctly.
    4. Check your account activity:
    5. Secure the Dropbox mobile app:
      • Add a passcode so it’s required every time you open the app. Learn how: Set up a passcode.
    6. Secure your computer:
      • Always require a password to log in, and set your device to require it again when waking from sleep or unlocking the screen.

    We recommend that you go through these steps to ensure your account is secured.

    If you notice anything else unusual after going through these steps or have additional details that could shed light on what happened, we'd appreciate you sharing them with us. We’re here to work with you to get this resolved and to keep your account safe.

    Emma
