Recently, including this evening, I have received spurious "New Login" email notifications from Dropbox. I believe that the purpose of such notifications is to alert me of possible fraudulent activity and I have no objection to that (the notifications, not the fraudulence).
But I am using the same computer I've had for a year on the same home network I always use. Here is the core of the notification:
We noticed you logged into Dropbox using Safari on Mac OS X from Apex, NC, United States* at 09:06 PM GMT-05:00.
I live in Wisconsin and my WAN IP is assigned dynamically by Time Warner Cable. At the moment my WAN IP is 126.96.36.199 which, upon DNS lookup, is associated with Wisconsin as expected. To be fair, the email notification does say "Location approximated by the IP address of the login." But this is too much of a location discrepancy to dismiss as approximation error.
Any ideas as to what is happening to generate these notifications?
You may then view your logged in web browsers here and verify the login. You may also close those browser sessions as well as change your password, or add another login factor to your account security.
Now if the Apex, NC login is shown to be true, you should err on the side of caution and change your passwords as well as unlinking and disconnecting old browser sessions and devices as shown in the security tab.