Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Hi all,
A strange thing happened today, I've received 3 emails in sequence with content:
Hi [MY FIRST NAME],
Finish signing in to Dropbox with this one-time security code:
[ 6 DIGIT CODE]
If you didn't try to sign in, don't worry. You can safely ignore this email.
I freaked out because you can receive 2FA only if you enter the correct password. Upon investigating I figured out that my account does NOT have 2FA enabled!!!
Adding headers here (redacted):
From: Dropbox <no-reply@dropbox.com> To: [MY EMAIL] CC: Subject: [6DIGITS CODE] is your Dropbox security code Date: Mon, 26 Dec 2022 11:03:37 +0000 Message-ID: <010001854e1a3116-24a80716-e9c4-40f4-94d3-1ebadcdc1fa9-000000@email.amazonses.com> X-Dropbox-Message-ID: 16683002164785652191 Feedback-ID: 1.us-east-1.syWQ1+fF8Wo1tY8y/+s85ptiAKu7bILK6PHyxwpB+xo=:AmazonSES X-SES-Outgoing: 2022.12.26-54.240.39.228
Headers look legit, it seems that email is not spoofed.
Is this some sort of bug, can someone from dev/support can explain what happened? There was this Lastpass breach a few days ago and I am not sure if those are connected.
TLDR; Received 2FA emails, however 2FA is not enabled on my account.
Just in case I updated my password once again (was changed a week ago).
Hey @Megan, can you please reach out to me via email as well?
The same email as my dropbox account.
Thanks
Hey @Randy90, thanks for flagging this with us.
Would it be OK if we reached out via email to investigate further?
As for you @MichaelEngstler, note that I've just sent you an email, so please have a look at your inbox and we'll take it from there.
Thanks!
Walter
Community Moderator @ Dropbox
dropbox.com/support
Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!
Interested in Community Groups? Click here to join
Same thing happened to me over the weekend out of the blue. Feel free to contact me as well.
I know they say "You can safely ignore this email." but this is concerning to me as I need to know the cause.
Hello, this also occurred for me about 2 hours ago, three consecutive emails within the same minute. May I please be contacted via email?
Thanks
Hey @MENTZC and @jmg2; I’m sorry to hear you’re having the same issue.
Did you check your Security page to make sure there are no unknown devices/browsers linked to your Dropbox account?
Also, is it possible to upload a screenshot of the email you received, so that I can have a look? Just make sure there’s no personal info showing.
Thanks!
Nancy
Community Moderator @ Dropbox
dropbox.com/support
Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!
Interested in Community Groups? Click here to join!
No unknown devices/sessions on my account. I hardly ever log into it, so this is why it was so random to get them.
3 in less than a minute. All different codes.
I cannot be a coincidence that we are all getting exactly 3 in less than a minute. My hope is this is some kind of bug or related to a mobile app or something but "you can safely ignore this email" is horrible advice if an account password was compromised.
Problem kinda solved, from the support team:
"I would like to let you know that these one-time codes are standard for if any attempt is made to log into an account from a new device. The correct password is not a requirement for this one-time code to be sent.
I can also confirm that your accounts are safe, as long as your email accounts are not compromised - I would strongly suggest that you set up 2FA if you want to secure your account access further. "
Hi guys, for anyone still facing this, can I send you an email, in order for us to have a closer look into this?
Megan
Community Moderator @ Dropbox
dropbox.com/support
Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!
Interested in Community Groups? Click here to join!
I am copy pasting the email i received from support down below. However, this email seems quite useless and does not answer the main question which is : How is that email triggered unless someone has the correct password?
I am assuming everyone received the same email as i am pasting here?
---
"Thank you for your patience as we are reviewing your case regarding the emails you received. I am a member of the Dropbox team.
I can confirm that the email that you have received is a legitimate email from Dropbox. You were sent this message because you have recently attempted to log in to your account. You will need to enter this verification code to complete the sign in process. This is not linked to 2 step verification and is an automated safety feature for your account.
We have implemented this to prevent abuse on your account. If you continue to receive these emails and you are not attempting to log in, we would recommend changing the email address connected to your account and securing your account by doing the following:
If you haven't done so already, please change your Dropbox account password, which you can do by clicking the link below and following the on-screen prompts:
Please note: Dropbox recommends strong passwords that are not used for any other website or service. Once you change your password, the change will become effective immediately on all computers and devices linked to your account.
Change the password to the email address you use for your Dropbox account. Again, choose a strong password that you don't use for any other service (including Dropbox).
For added security, we recommend that you enable two-step verification, which protects your account even if your password is compromised. Once enabled, Dropbox will require a six-digit code in addition to your password when signing in to the Dropbox website or linking a new device. To learn more, please see:
If you are having trouble logging in or if you have any further questions, please let me know and I will be happy to help.
Regards"
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!