I was alarmed to get an email from Support indicating that there had been a suspicious recent sign-on to my Dropbox account. On checking my Security page there seemed to be four others (over the last couple of years):
As I hadn't ever been to either Berkhamsted, Llanymynech or Elgin, nor to Eastbourne in years, and don't have a Mac, I promptly changed my password this morning. And started worrying about what unnoticed impact these intrusions may have had or might have.
But I've just signed in again, with Safari on my iPad, and I'm thoroughly confused by what I see! For a start, it appears that the data for Location is completely unreliable. Here's a screenshot from an hour or so ago:
So I now also assume that the information in the screenshot I showed earlier was also wrong:
And I suspect that the Device data is also incorrect. In fact it seems that all the iOS data is unreliable and misleading.
If so then my assumption that my account has been hacked now happily appears based on false data. But these appear to be serious flaws and cast grave doubts on the efficacy of the Dropbox security systems. I've emailed Support and hope to get a full explanation promptly.
@Terry P. wrote:
For a start, it appears that the data for Location is completely unreliable.
Location data doesn't show your true location. It can only show the location that your ISP has registered for the IP address that you're currently using, which is usually a data center or headquarters of the company, and could be located some distance from your actual location.
Dropbox can't see your exact location. All it can do is see what IP address you're using and then look up the registered location for that IP. In some cases it will list the same or a nearby city, but in many cases it can be a location far away.
Thanks Rich, appreciate the fast response. I'm abysmally ignorant about this stuff. So it sounds as if I may have completely misunderstood. Are you saying that the IP reported by Dropbox cannot tell me anything useful about the actual hacker's device or location?
Using various tools on the first example I had, I note these varying (and confusing!) results:
RESULTS FROM GEO IP TOOL
IP Geolocation Information
Country:United Kingdom (GB)
Latitude: 50.7883 (50°47'17.88" N)
Longitude: 0.2817 (0°16'54.12" N)
Plus a handy Google map showing location in a lake outside Eastbourne (the town named on the Dropbox Security page).
Different to 'Milton Keynes' reported by RIPE.
RESULTS FROM RIPE
Responsible organisation: TalkTalk Communications Limited
inetnum: 188.8.131.52 - 184.108.40.206
descr: Tiscali UK Ltd
descr: Milton Keynes
descr: Dynamic DSL
status: ASSIGNED PA
descr: TalkTalk Communications Limited
source: RIPE# Filtered
Presumably the location is of the ISP, not the user?
RESULTS FROM ANOTHER TOOL
IP address: 220.127.116.11
City: East Grinstead
Country: United Kingdom (GB)
Postal code: RH19
GE shows that in a field about 1.5 miles south of my home in East Grinstead.
@Terry P. wrote:
Are you saying that the IP reported by Dropbox cannot tell me anything useful about the actual hacker's device or location?
It will tell you the IP address of the device (or firewall it's behind) and the registered location for that IP address based on whatever database Dropbox is subscribed to for its geo-location service, and as you can see, different databases have different information.
If you actually think your account has been hacked, then you should not only change your password, but you should also unlink any unknown devices from your account and close any active web sessions. Changing your password isn't enough. If someone actually did have your password and used it to link a new device, changing your password doesn't prevent the already-linked device from connecting to your account.
Thanks for sticking with me on this Rich. I'm getting closer to concluding there is no hacking. I'd welcome your thoughts on my annotated screenshots please:
@Terry P. wrote:
I'd welcome your thoughts on my annotated screenshots please ...
It shows as a Mac because that's how the user agent within Safari reports itself. It's not Dropbox detecting your OS. It's Dropbox reading the user agent data that your browser sends along with each request. In this case, Safari on iOS reports itself as being on a Mac.
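Why an iPad can appear as a Mac in a session list, as an added example that is not part of the thread and is not Dropbox's code: a service that labels sessions from the User-Agent header alone cannot tell Safari on an iPad requesting the desktop site from Safari on a Mac. The classifier logic, the function names and the sample User-Agent strings below are constructed for illustration.

```python
import re

# Constructed sample User-Agent strings (illustrative, not taken from the thread).
SAMPLE_UAS = {
    "ipad_desktop_site": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) "
                         "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15",
    "ipad_mobile_site": "Mozilla/5.0 (iPad; CPU OS 12_4 like Mac OS X) "
                        "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1",
    "iphone": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) "
              "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1",
    "windows_pc": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                  "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
}


def device_label(user_agent):
    """Label a session the way a User-Agent-only classifier would (hypothetical logic)."""
    match = re.search(r"\(([^)]*)\)", user_agent)  # first parenthesised platform section
    platform = match.group(1) if match else ""
    first_token = platform.split(";")[0].strip()
    if first_token in ("iPhone", "iPad"):
        return first_token
    if first_token == "Macintosh":
        return "Mac"
    if first_token.startswith("Windows"):
        return "Windows PC"
    return "Unknown"


def explain_session(label, owned_devices):
    """Say whether a User-Agent-derived label is consistent with the devices the user owns."""
    if label in owned_devices:
        return "matches an owned device"
    if label == "Mac" and "iPad" in owned_devices:
        # The header is identical in both cases, so the label alone proves nothing.
        return "ambiguous: iPad Safari requesting the desktop site sends a Macintosh User-Agent"
    return "unexplained: unlink the device and close the web session"


if __name__ == "__main__":
    owned = {"iPad", "iPhone", "Windows PC"}  # constructed: devices the account owner has
    for name, ua in SAMPLE_UAS.items():
        label = device_label(ua)
        print(f"{name:18} -> {label:10} -> {explain_session(label, owned)}")
```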
Thanks. Seems very strange to me that it should report itself as a Mac instead of an iPad! Gets the iPhone and PC right though.
More important, do you agree with my conclusion that there's no evidence of hacking?