cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Join team/merge account potential compromise

Join team/merge account potential compromise

jimwc
Helpful | Level 5

I have lodged a ticket with support on this but I am concerned about a potential security issue. And want to see if I can get some additional information more quickly or find alternative communication, such as a support line to talk to someone in real time. 

 

I received an email to join a drop box team. As I have been trying to provide support to a potential client I didn't think much of it. I saw the merge accounts button and thought, ok I don't really want to do that but let's see if there's more information. NO! It just starts merging the account.

 

I am not worried about my account. It was only created for troubleshooting the client's problem. There is nothing in it except a bunch of "test files" but it looks like a colleague has also merged their account too. We don't know if this is malicious but I would like to see if there is a way to extricate my colleague's account from this situation without contacting this potential client (who we know nothing about). 

 

Is there a way we can permanently delete our files or account? This seems like a massive security issue as the admin of the team can access everything in a drop box with nothing less than a carelessly clicked URL. 

15 Replies 15

Heather C.19
Helpful | Level 5

They got back to me with the same info. Only an admin can make the changes. Which is interesting because I spoke to a friend who told me that they were able to call and get their account reinstated from this maybe a year ago. I'm not paying for Dropbox going forward. This has been a total nightmanre and I"ll be recommending anyone who does to get rid of it. Especially with the Ai training they're rolling out on our files soon. I used Dropbox for a decade and I don't trust them anymore!

jimwc
Helpful | Level 5

Yeah, I'm certain there is a way for DB to handle this on our behalf, they just don't want to. In some cases I think it would be a good policy to stop disgruntled employees from taking data with them or otherwise disrupting files that belong to an organisation. However, the whole system is flawed from the start. 

 

I strongly recommend sharepoint or onedrive. Our organisation has been using these for years. Dropbox was set up as a convenience for specific tasks but it absolutely was not worth it. Goodluck out there! 

Heather C.19
Helpful | Level 5

I just accidentally merged my personal dropbox with my client's dropbox and now he is my admin. I contacted you immediately after to see if you could just reverse this change and nobody has been able to other than telling me that I should "contact my admin" which is honestly unhelpful. There's no way to reset and reverse this!?!

 

Merging 10 years of other client files, my taxes, a lot of business contacts etc. was an accident.

 

I did not realize I wasn't just connecting a client's folder (which is what he thought he was sending me, an INVITE TO A FOLDER, it looks almost exactly like an invite to a folder—I thought it was a weird invite to a folder. So I didn't create a new "personal" file because I thought it was an invite — so when Dropbox suddenly swiped all my personal freelance files into my clients Team I was ABSOLUTELY STUNNED. The shock of it! Such an unhappy surprise. I was so angry. I was so upset. All of my trust in Dropbox was lost.)

 

1. I suggest you add several buttons that make very clear (like RED LETTERING, extra codes sent to email) and multiple going back points for someone merging a personal folder into a team. It should be the rare exception that someone merges all their personal files into a team and not the rule.It should not be so easy to accidentally merge all your files into someone else's folder.

 

2. The Team invite needs to look VERY different from the usual Folder invite on both the sending side and the receiving side (My client did not mean to send me the team invite). And you should make certain with multiple pain in the butt "Yes I want to" want to merge your files with the team.

 

Right now it's too easy to accidentally click yes, and then have a panic attack as you see all your work copied into someone else's drive.

It's also a very insecure system, anyone who sends a Team invite can swoop someone else's files and there are many instances (see subject line and also search Twitter, a friend of mine had this happen and she called you and your helpdesk was able to unmerge the team but apparently this is no longer an option. ) where people have lost tons of files and data due to this accidental joining and merging of a personal account into a Team account.

 

Anyway, 10 years of goodwill gone and I will not be recommending you to my clients any more!

Heather C.19
Helpful | Level 5

Agreed! There should be multiple opt outs and very clear, "we are deleting your account, you sure about that" vibes. Instead it was quick and easy to make a massive mistake.

 

I'm on a mac and Sharepoint and Onedrive don't get along well with Macs. Thanks for the recs though! I'm going to find something more secure where employees don't have the ability to look at your stored files (also a big yikes).

jimwc
Helpful | Level 5

I heard back from support over the weekend. It was probably a copy/paste of the same response you got. 

I like how in the documentation it state merging an account requires following a series of prompts. There is exactly zero prompts. We have create a new account or merge. No dialogue boxes. Nothing. Any of your suggestions would be an improvement. Personally, I think there should be a skull and crossbones popup. 

Heather C.19
Helpful | Level 5

The funniest part of this I finally got everything copied onto my personal account and unlinked my new team account. All the files that were in my clients team folder are still on my computer. "security measure" my arse. Definitely unlinking Dropbox from my desktop now though!

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Heather C.19 Helpful | Level 5
  • User avatar
    jimwc Helpful | Level 5
What do Dropbox user levels mean?