Dropbox security data grossly inaccurate

Terry P.
Collaborator | Level 10

I was alarmed to get an email from Support indicating that there had been a suspicious recent sign-on to my Dropbox account. On checking my Security page there seemed to be four others (over the last couple of years):

https://www.dropbox.com/s/jxnid7cir050lwz/UnknownSignIns.jpg?raw=1

 

As I hadn't ever been to either Berkhamsted, Llanymynech or Elgin, nor to Eastbourne in years, and don't have a Mac, I promptly changed my password this morning. And started worrying about what unnoticed impact these intrusions may have had or might have.

 

But I've just signed in again, with Safari on my iPad, and I'm thoroughly confused by what I see! For a start, it appears that the data for Location is completely unreliable. Here's a screenshot from an hour or so ago:


https://www.dropbox.com/s/r0n74i7wiknr85c/Dropbox20201211.jpg?raw=1

 

So I now also assume that the information in the screenshot I showed earlier was also wrong:

 

And I suspect that the Device data is also incorrect. In fact it seems that all the iOS data is unreliable and misleading.

 

If so then my assumption that my account has been hacked now happily appears based on false data. But these appear to be serious flaws and cast grave doubts on the efficacy of the Dropbox security systems. I've emailed Support and hope to get a full explanation promptly.

7 Replies

Re: Dropbox security data grossly inaccurate

Rich
Super User II

@Terry P. wrote:

For a start, it appears that the data for Location is completely unreliable.


Location data doesn't show your true location. It can only show the location that your ISP has registered for the IP address that you're currently using, which is usually a data center or headquarters of the company, and could be located some distance from your actual location.

 

Dropbox can't see your exact location. All it can do is see what IP address you're using and then look up the registered location for that IP. In some cases it will list the same or a nearby city, but in many cases it can be a location far away.

Re: Dropbox security data grossly inaccurate

Terry P.
Collaborator | Level 10

Thanks Rich, appreciate the fast response. I'm abysmally ignorant about this stuff. So it sounds as if I may have completely misunderstood. Are you saying that the IP reported by Dropbox cannot tell me anything useful about the actual hacker's device or location?

 

Using various tools on the first example I had, I note these varying (and confusing!) results:

IP: 88.105.1.223

RESULTS FROM GEO IP TOOL
http://geoiplookup.net/ip/88.105.1.223
------------------------

ISP:TalkTalk
IP Geolocation Information
Continent:Europe (EU)
Country:United Kingdom (GB)
City:Eastbourne
Time Zone:Europe/London
Latitude:50.7883 (50°47'17.88" N)
Longitude:0.2817 (0°16'54.12" N)
Plus a handy Google map showing location in a lake outside Eastbourne (the town named on the Dropbox Security page).

Different to 'Milton Keynes' reported by RIPE.


RESULTS FROM RIPE
https://apps.db.ripe.net/db-web-ui/query?searchtext=88.105.1.223

Responsible organisation: TalkTalk Communications Limited
Login to update RIPEstat
inetnum: 88.104.0.0 - 88.107.255.255
netname: DSL-TISCALI-UK
descr: Tiscali UK Ltd
descr: Milton Keynes
descr: Dynamic DSL
country: GB
admin-c: TU935-RIPE
tech-c: TU935-RIPE
status: ASSIGNED PA
mnt-by: TU935-RIPE-MNT
created: 2005-10-11T13:16:13Z
last-modified: 2011-02-23T12:16:02Z
source: RIPE

route: 88.104.0.0/15
descr: TalkTalk Communications Limited
origin: AS9105
mnt-by: TALKTALK-MNT
created: 2019-11-06T01:02:29Z
last-modified: 2019-11-06T01:02:29Z
source: RIPE# Filtered

Presumably the location is of the ISP, not the user?

RESULTS FROM ANOTHER TOOL
--------------------------
IP address: 88.105.1.223
hostname: 88-105-1-223.dynamic.dsl.as9105.com
ISP: TalkTalk
ASN: AS9105
City: East Grinstead
Country: United Kingdom (GB) flag
Postal code: RH19
latitude: 51.1167
longitude: -0.016699999999986

GE shows that in a field about 1.5 miles south of my home in East Grinstead.

 

Terry

Re: Dropbox security data grossly inaccurate

Rich
Super User II

@Terry P. wrote:

Are you saying that the IP reported by Dropbox cannot tell me anything useful about the actual hacker's device or location?


It will tell you the IP address of the device (or firewall it's behind) and the registered location for that IP address based on whatever database Dropbox is subscribed to for its geo-location service, and as you can see, different databases have different information.

 

If you actually think your account has been hacked, then you should not only change your password, but you should also unlink any unknown devices from your account and close any active web sessions. Changing your password isn't enough. If someone actually did have your password and used it to link a new device, changing your password doesn't prevent the already-linked device from connecting to your account.
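
Added example, not part of any post in this thread: a small triage check that takes the lookup results quoted above for 88.105.1.223, confirms the address sits in the ISP's registered dynamic DSL block, and measures how far apart the geolocation databases place it. The function names and the result layout are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations
from math import asin, cos, radians, sin, sqrt

IP = "88.105.1.223"
# Lookup results as quoted in the thread; RIPE gives a registration city, no coordinates.
LOOKUPS = [
    ("geoiplookup.net", "Eastbourne", (50.7883, 0.2817)),
    ("RIPE descr", "Milton Keynes", None),
    ("another tool", "East Grinstead", (51.1167, -0.016699999999986)),
]
RIPE_INETNUM = ("88.104.0.0", "88.107.255.255")
RIPE_DESCR = ["Tiscali UK Ltd", "Milton Keynes", "Dynamic DSL"]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def in_registered_block(ip, first, last):
    """True if ip falls inside the inetnum range first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return any(ipaddress.ip_address(ip) in net for net in nets)


def assess(ip=IP, lookups=LOOKUPS, inetnum=RIPE_INETNUM, descr=RIPE_DESCR):
    """Summarise how much the location shown for a sign-in can be trusted."""
    cities = [city for _, city, _ in lookups]
    points = [pt for _, _, pt in lookups if pt is not None]
    spread = max((haversine_km(a, b) for a, b in combinations(points, 2)), default=0.0)
    return {
        "in_block": in_registered_block(ip, *inetnum),
        "dynamic_pool": any("dynamic" in d.lower() for d in descr),
        "cities": cities,
        "sources_agree": len(set(cities)) == 1,
        "max_spread_km": round(spread, 1),
    }


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key}: {value}")
```

When the sources disagree and the block is a dynamic pool, the ISP and ASN are the stable facts to compare against your own connection; the city is not.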

Re: Dropbox security data grossly inaccurate

Terry P.
Collaborator | Level 10

Thanks for sticking with me on this Rich. I'm getting closer to concluding there is no hacking. I'd welcome your thoughts on my annotated screenshots please:

https://www.dropbox.com/s/93c5e3lufqemp4i/DropboxSecurity-iPad.jpg?raw=1

https://www.dropbox.com/s/e723wpqtkyf3iaj/DropboxSecurity-PC.jpg?raw=1

 

Terry

 

 

 

Re: Dropbox security data grossly inaccurate

Rich
Super User II

@Terry P. wrote:

I'd welcome your thoughts on my annotated screenshots please ...


It shows as a Mac because that's how the user agent within Safari reports itself. It's not Dropbox detecting your OS. It's Dropbox reading the user agent data that your browser sends along with each request. In this case, Safari on iOS reports itself as being on a Mac.

 

Google search showing the user agent of Safari on an iPad running iPad OS 14.2

 

Re: Dropbox security data grossly inaccurate

Terry P.
Collaborator | Level 10

Thanks. Seems very strange to me that it should report itself as a Mac instead of an iPad! Gets the iPhone and PC right though.

More important, do you agree with my conclusion that there's no evidence of hacking?

Re: Dropbox security data grossly inaccurate

Rich
Super User II

@Terry P. wrote:

More important, do you agree with my conclusion that there's no evidence of hacking?


That's not a conclusion I'll make for someone else's account. I'm just a user, like yourself.
