<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: No Response from Dropbox re: Compromised Accounts in Security and Permissions</title>
    <link>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779338#M15844</link>
    <description>&lt;P&gt;Hi Nancy,&lt;BR /&gt;Yes I can be reached at that email address.&lt;/P&gt;</description>
    <pubDate>Tue, 25 Jun 2024 20:16:12 GMT</pubDate>
    <dc:creator>MSP-SOC</dc:creator>
    <dc:date>2024-06-25T20:16:12Z</dc:date>
    <item>
      <title>No Response from Dropbox re: Compromised Accounts</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779325#M15842</link>
      <description>&lt;P&gt;Over the past ~30 days, we have had several clients who have experienced misuse of their Dropboxes following a business email compromise event.&lt;/P&gt;
&lt;P&gt;These threat actors are doing the following:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Successfully phish a user to gain access to their business email account&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Download the users contact list&lt;/LI&gt;
&lt;LI&gt;Set a rule to hide incoming emails from Dropbox&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;Create a new Dropbox account using the compromised business email address &lt;STRONG&gt;or&lt;/STRONG&gt; take over the users pre-existing Dropbox account by resetting the password&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Reconfigured MFA / Enabled MFA&lt;/LI&gt;
&lt;LI&gt;Upload malicious files and share them using the stolen contact list &lt;EM&gt;from within Dropbox&lt;BR /&gt;&lt;BR /&gt;&lt;/EM&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/UL&gt;
&lt;P&gt;While we are able to secure the users email account, we have been &lt;STRONG&gt;unable&lt;/STRONG&gt; to recover/reset/disable the malicious Dropbox accounts due to the threat actors changing the MFA.&lt;BR /&gt;This is extremely concerning as Admins cannot see when these malicious files are shared out, and the shares &lt;EM&gt;appear&lt;/EM&gt; legitimate to recipients because they come direct from the Dropbox domain and the sending accounts are tied to legitimate business email addresses.&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;&lt;STRONG&gt;I created a ticket &lt;/STRONG&gt;(#23873516) &lt;STRONG&gt;with the Dropbox Abuse division on &lt;FONT color="#FF0000"&gt;June 13, 2024&lt;/FONT&gt; and have not received any response.&lt;/STRONG&gt;&lt;BR /&gt;Please advise on what steps we must take to &lt;U&gt;&lt;STRONG&gt;shut down&lt;/STRONG&gt;&lt;/U&gt; these malicious Dropbox accounts and stop the spread of these attacks.&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jun 2024 20:13:50 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779325#M15842</guid>
      <dc:creator>MSP-SOC</dc:creator>
      <dc:date>2024-06-25T20:13:50Z</dc:date>
    </item>
    <item>
      <title>Re: No Response from Dropbox re: Compromised Accounts</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779337#M15843</link>
      <description>&lt;P&gt;Hey &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1850096"&gt;@MSP-SOC&lt;/a&gt;, I’m sorry to hear about this situation.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Since this is an account security matter that needs to be investigated internally indeed, I can try to log a ticket for you and check this further.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Can I message you to the email address showing &lt;A href="https://www.dropbox.com/account/general" target="_blank"&gt;here&lt;/A&gt;?&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Let me know.&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jun 2024 20:12:01 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779337#M15843</guid>
      <dc:creator>Nancy</dc:creator>
      <dc:date>2024-06-25T20:12:01Z</dc:date>
    </item>
    <item>
      <title>Re: No Response from Dropbox re: Compromised Accounts</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779338#M15844</link>
      <description>&lt;P&gt;Hi Nancy,&lt;BR /&gt;Yes I can be reached at that email address.&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jun 2024 20:16:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779338#M15844</guid>
      <dc:creator>MSP-SOC</dc:creator>
      <dc:date>2024-06-25T20:16:12Z</dc:date>
    </item>
    <item>
      <title>Re: No Response from Dropbox re: Compromised Accounts</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779346#M15845</link>
      <description>&lt;P&gt;You’re all set, &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1850096"&gt;@MSP-SOC&lt;/a&gt;. Please reply to my email, when possible, and we’ll take it from there.&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jun 2024 20:58:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/No-Response-from-Dropbox-re-Compromised-Accounts/m-p/779346#M15845</guid>
      <dc:creator>Nancy</dc:creator>
      <dc:date>2024-06-25T20:58:54Z</dc:date>
    </item>
  </channel>
</rss>

