
Just now learned (from a phishing attack) the big dropbox hack back in 2016 or whenever it was...

tanreterp New member | Level 2

I used a unique email address when registering on dropbox, but this year I received a couple of emails to that address that were not addressed from dropbox. Both emails were phishing for my response, one of them ransomware, saying my files were corrupted and I had to pay them in bitcoin for protection. That email came a few months ago, which I just ignored because I didn't notice at the time that it was addressed to my dropbox-specific email account. I only looked into these phishing attacks when I DID notice the other email I received within the past week or so.

So I googled about a dropbox hack, and sure enough, it was news way back in 2016. Per dropbox history in my account details, it looks like no one actually logged in, and there was no suspicious file activity. So I conclude that my particular account was not hacked, only that my particularly unique email address was stolen from a dropbox server.

What bothers me is that I see no notice whatsoever from dropbox informing me of how my email address registered with dropbox was stolen.

4 Replies

Re: Just now learned (from a phishing attack) the big dropbox hack back in 2016 or whenever it was.

Dropboxer

Hey there @tanreterp - sorry to hear about this. 

It appears that this message was impersonating Dropbox’s services in an attempt to maliciously impact your machine.

In the future, you can reference this Help Center article that shows the valid domains that Dropbox would send from to be sure. 

As you found out, the email you were sent is fake and was not sent by Dropbox. Likewise, the links in the email are not hosted by Dropbox. 

Moreover, as you may know, these types of emails can be designed to trick you into clicking on a link that can lead to spam, phishing or malware websites. Please be careful.

You can report phishing sites yourself to Google and Microsoft, who will then block those sites. 

This is all Dropbox can do if Dropbox is not hosting any of the content. The sites for reporting phishing are here:
https://www.google.com/safebrowsing/report_phish/
https://www.microsoft.com/security/online-privacy/phishing-scams.aspx 

If you feel like there's an additional action that needs to be taken from our side, please forward the whole email to abuse@dropbox.com.

In any case, I would also advise you to change your password for both your email address and your Dropbox account while setting step-verification would also help improve your account's security. 

I hope this helps to some extent and please let me know if there's anything else I can do from my end to assist with this. 

Thank you! 



Walter
Community Moderator @ Dropbox
https://dropbox.com/support



Re: Just now learned (from a phishing attack) the big dropbox hack back in 2016 or whenever it was.

tanreterp New member | Level 2

I understand and expected that you wouldn't be able or allowed to address my actual complaint (in the last paragraph of my post). Other than that, your response was very friendly and informative. I especially appreciate the google and microsoft links, which I was unaware of. Google and Microsoft email services are so huge and global... if I can detect phishing, they should be able and willing to completely block the kind of phishing attacks that I detected that come from the same sender, at least!

Re: Just now learned (from a phishing attack) the big dropbox hack back in 2016 or whenever it was.

tanreterp New member | Level 2

I probably should add, since you were unable to address the core issue, that I hope your IT department at least adds honey-pot like email addresses that look like typical customer email addresses, so that you can easily and instantly detect the same kind of phishing attacks that I have.
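
The per-service address check this thread describes (a unique address registered with one service, or the honeypot addresses suggested above), as an added example that is not part of any post and not Dropbox's code. The alias names, the allowed-domain sets, and the premise that the receiving mail server strips inbound `Authentication-Results` headers are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: each alias was handed to exactly one service. Aliases and domain
# sets are constructed for illustration, not a vendor's published sender list.
CANARIES = {
    "dbx-7f3a@example.org": {"dropbox.com"},
    "chegg-91c2@example.org": {"chegg.com"},
}

def _under(domain, allowed):
    # Exact match or true subdomain; "notdropbox.com" must not match.
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def dkim_pass_domains(msg):
    # Assumption: our own MX strips inbound Authentication-Results headers,
    # so any that remain were written by it and can be trusted.
    found = set()
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", hdr, re.I):
            found.add(m.group(1).lower())
    return found

def check(raw):
    """Return (alias, verdict) for mail sent to a canary alias, else None."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    rcpts = [addr.lower() for _, addr in getaddresses(fields)]
    alias = next((r for r in rcpts if r in CANARIES), None)
    if alias is None:
        return None
    allowed = CANARIES[alias]
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signed = any(_under(d, allowed) for d in dkim_pass_domains(msg))
    if _under(from_dom, allowed):
        # From alone is forgeable; require a DKIM pass for the same service.
        return alias, "expected-sender" if signed else "spoofed-from"
    return alias, "address-leaked"  # someone else holds the alias

def sample(frm, to, auth):
    # Constructed message, not real mail.
    return f"From: {frm}\nTo: {to}\nAuthentication-Results: mx.example.org; {auth}\n\nbody\n"

if __name__ == "__main__":
    print(check(sample("support@files-restore.example", "dbx-7f3a@example.org",
                       "dkim=pass header.d=files-restore.example")))
```

An `address-leaked` verdict on an alias that was only ever given to one service is the signal the original poster acted on: the address reached a third party, whether or not the account itself was accessed.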

Re: Just now learned (from a phishing attack) the big dropbox hack back in 2016 or whenever it was.

tanreterp New member | Level 2

Wow, speaking of honest admission of breaches, here is an excerpt of what I just now received from Chegg:

What Happened?
On September 19, 2018, we learned that, on or around April 29, 2018, an unauthorized party gained access to one of our databases that hosts user data. An investigation, supported by a third-party forensics firm, was commenced. We have determined that some of your account information may have been obtained, which is why you are receiving this notice.
What Information Was Involved?
Our understanding is that the data that may have been obtained could include your name, email address, shipping address, Chegg username, and hashed Chegg password. Our current understanding is that no financial information such as credit card numbers, bank account information, or social security numbers was obtained.
What We Are Doing
We will prompt you to change your Chegg.com password upon login. If your password has been changed on or after September 26th, 2018, you will not be prompted to change it again.

[This thread is now closed by moderators due to inactivity. If you're experiencing a similar behavior or have a question, feel free to Ask for help from the Community here.]
