cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Create, upload, and share

Find help to solve issues with creating, uploading, and sharing files and folders in Dropbox. Get support and advice from the Dropbox Community.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Data Breach with DB Business

Labels:

Data Breach with DB Business

sullivanlawaz
Explorer | Level 3
‎04-11-2022 09:30 AM

Our firm in the past used DB business to share documents.  Recently, a link provided to an opposing party, when clicked on, allowed access to other client's documents (not shared or associated with the link).  Has this happened tp anyone else? How is it even possible?

Labels:
  • 0 Likes
  • 15 Replies
  • 1,182 Views
0 Likes
15 Replies 15

Mark
Super User II
‎04-11-2022 09:39 AM

Who clicked on the link and have you actually seen this? 

 

Its actually quite a common comment on here that Person A creates link and clicks to test and then panics when they realise they can see everything - but thats only because when theyve clicked on it Dropbox knows its them so shows it as though they are logged in (as they are!). Same would happen if it was somebody else on the team. 


 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

0 Likes

sullivanlawaz
Explorer | Level 3
‎04-11-2022 10:21 AM

The opposing party clicked on it and was able to see documents for my other clients, not related to his case.  Each time the link was clicked, a different client's documents were accessed.  It was a major confidentiality breach, and I'm having to respond to the State Bar about it.

0 Likes

Hannah
Dropbox Staff
‎04-14-2022 05:18 PM

Hey @sullivanlawaz, thanks for posting to our Community.

 

This is quite a strange situation. 

 

First of all, please know that a Dropbox shared link can be deleted at any time, to make sure that no-one can access the contents any more.

 

But can you please advise on how the link was created and shared? 

 

Did someone within this Dropbox Business team create it, or someone outside the team?

 

Keep me posted.

Hannah
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

0 Likes

sullivanlawaz
Explorer | Level 3
‎04-15-2022 04:44 PM

All; someone in the firm created the link in the drop box business program, in our office.

The links have now been deleted, but the recipient was able to access other files, not associated  with the link.

 

0 Likes

Jay
Dropbox Staff
‎04-18-2022 05:13 AM

Hi @sullivanlawaz, are you certain that none of these links pointed to an entire folder, which allows access to all the subfolders within?

 

Was this only occurring for one specific person, or did other people access the same link and get the same behavior?

Jay
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

0 Likes

sullivanlawaz
Explorer | Level 3
‎04-19-2022 03:11 PM

are you certain that none of these links pointed to an entire folder, which allows access to all the subfolders within?

 

Yes; the access was to a subfolder, not to the entire folder.  When the link was clicked, the link allowed access to another, separate subfolder.  When it was clicked again, the access was to a different subfolder.  

 

Was this only occurring for one specific person, or did other people access the same link and get the same behavior?

 

Several different people were able to access different folders, using the same link.

0 Likes

Nancy
Dropbox Staff
‎04-20-2022 11:20 AM

Hi @sullivanlawaz, hope you don’t mind if I join the conversation. 

 

To my experience, a shared link should only point to the specific folder/file for which you created it.

 

Can you please try to create a shared link to one of your subfolders again, and then open it via an incognito window on your browser, while not signed in to any Dropbox account? 

 

I’d like to see if the same thing will happen, so that we can investigate further. 

 

Let me know how it goes!

Nancy
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

0 Likes

sullivanlawaz
Explorer | Level 3
‎04-20-2022 02:32 PM

We were not able to replicate what occurred, although it happened twice, with 2 different unique links.

When myself and/or my staff went back into dropbox, created a new link, and clicked it, the proper documents (and only those documents) were able to be accessed.

 

0 Likes

Jay
Dropbox Staff
‎04-21-2022 05:04 AM

As you mentioned that you've deleted the link, it wouldn't be possible for the team to investigate further.

 

in general, it isn't possible for a shared link to give access to folders that aren't contained within the link itself. There has to be another factor which could have caused this, or the method in which the link was created or shared. 

 

As you mentioned this was a Dropbox Business team at the time, was the shared folder within a team folder? 

 

When you or the others accessed the links, were they logged into any Dropbox account at the time, or were they not logged in at all?

Jay
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    alexpor New member | Level 2
  • User avatar
    Rich Super User II
  • User avatar
    Megan Dropbox Staff
  • User avatar
    Jay Dropbox Staff
What do Dropbox user levels mean?