Employee Compromised Account


jchamp_shlc
Explorer | Level 4

I have an employee here that signed up for a free Dropbox account with their work email. The account has been compromised and the MFA phone number has been changed, so even though I can get a password reset email, I can't complete the change without the MFA code. The account has sent out numerous phishing e-mails to customers and vendors and is continuing to do so since they have hijacked the account.

Is there any way we can disable or shut down the account? We own the email address and domain. It's sending malicious content to our customers; at the very least I need to disable them from sending out sharing emails.


Nancy
Dropbox Staff

I’m sorry to hear about the situation, @jchamp_shlc.

Unfortunately, it’s only possible to delete a Dropbox account after logging in to it, and our support team can’t do it on their end either, due to security reasons.

However, can you please check with your employee if they have the emergency codes they received upon setting up two-step verification? If they do, they can use them to access the account instead, to change the 2FA phone number, email and password, or delete it, if they wish to.

Other than that, they can check if they have a backup phone number that may still work, or check their linked devices (for more info, please check the attached link).

Let me know if that helps.


Nancy
Community Moderator @ Dropbox
dropbox.com/support



Zachary3
New member | Level 2

We are experiencing the same issue. Our staff member's mailbox was temporarily compromised, during which the attacker logged in to their Dropbox and set up a 2FA Authenticator App.

We reset the password but cannot actually log in without the 2FA or recovery code - of which we have neither. The attacker's session is still active, so they're sending out fraudulent emails with malicious payloads.

If we could simply terminate all active sessions this would fix the issue, but we can only do that by logging in (chicken & egg situation). We logged a ticket with Dropbox asking they do this for us, but they have not responded.

This is a disaster, and SHAME on Dropbox for allowing this kind of situation to occur. At the very least terminate all the current sessions when the password is reset! Crazy.

If ANYONE at Dropbox cares, because our clients certainly do, the ticket number is: 22934270

Helen DBX
Dropbox Staff

Hey there,

Helen from Dropbox here.

A security specialist has just responded to your ticket. Please have a look and we will take care of that for you.


Best regards,
Helen 
The Dropbox Team
https://www.dropbox.com/help

Helen DBX
Dropbox Staff

Hey there,

Helen from Dropbox here.

I understand your concern with the compromised account.

A security specialist will investigate this for you. Please ask your employee to create a support ticket with the same email address associated with the compromised Dropbox account:
http://www.dropbox.com/support

We can then review the case and help you fully. 

Best regards,
Helen 
The Dropbox Team
https://www.dropbox.com/help

jchamp_shlc
Explorer | Level 4

Helen,

Thank you for the reply. We have created a support case under their email address/account.

Support Ticket # 22951548

We got word this morning from some vendors and customers that the attacker sent out new sharing links with malicious content (an attachment that leads the user to a credential phishing page).

Nancy
Dropbox Staff

Sorry to jump in, @jchamp_shlc. I've located your ticket in our system, and I've left an internal note to our team for you. They should get back to you as soon as possible.


Nancy
Community Moderator @ Dropbox
dropbox.com/support

