cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Received 3 2FA emails in one minute, but 2FA was not enabled on my account

Received 3 2FA emails in one minute, but 2FA was not enabled on my account

radenkovic
Helpful | Level 5

Hi all,

 


A strange thing happened today, I've received 3 emails  in sequence with content:

 

 

 

Hi [MY FIRST NAME],

Finish signing in to Dropbox with this one-time security code:

[ 6 DIGIT CODE]

If you didn't try to sign in, don't worry. You can safely ignore this email.

 

 

 

 

I freaked out because you can receive 2FA only if you enter the correct password. Upon investigating I figured out that my account does NOT have 2FA enabled!!!

 

Adding headers here (redacted):

From: Dropbox <no-reply@dropbox.com>
To: [MY EMAIL]
CC: 
Subject: [6DIGITS CODE] is your Dropbox security code
Date: Mon, 26 Dec 2022 11:03:37 +0000
Message-ID: <010001854e1a3116-24a80716-e9c4-40f4-94d3-1ebadcdc1fa9-000000@email.amazonses.com>
X-Dropbox-Message-ID: 16683002164785652191
Feedback-ID: 1.us-east-1.syWQ1+fF8Wo1tY8y/+s85ptiAKu7bILK6PHyxwpB+xo=:AmazonSES
X-SES-Outgoing: 2022.12.26-54.240.39.228

Headers look legit, it seems that email is not spoofed.

 

Is this some sort of bug, can someone from dev/support can explain what happened? There was this Lastpass breach a few days ago and I am not sure if those are connected.

 

TLDR; Received 2FA emails, however 2FA is not enabled on my account.

 

Just in case I updated my password once again (was changed a week ago).

 

44 Replies 44

MichaelEngstler
New member | Level 2

Hey @Megan, can you please reach out to me via email as well?

The same email as my dropbox account.

 

Thanks

Walter
Dropbox Staff

Hey @Randy90, thanks for flagging this with us. 

 

Would it be OK if we reached out via email to investigate further?

 

As for you @MichaelEngstler, note that I've just sent you an email, so please have a look at your inbox and we'll take it from there.

 

Thanks!


Walter
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join

MENTZC
Helpful | Level 5

Same thing happened to me over the weekend out of the blue.  Feel free to contact me as well.

I know they say "You can safely ignore this email." but this is concerning to me as I need to know the cause.

jmg2
New member | Level 2

Hello, this also occurred for me about 2 hours ago, three consecutive emails within the same minute. May I please be contacted via email?

Thanks

Nancy
Dropbox Staff

Hey @MENTZC and @jmg2; I’m sorry to hear you’re having the same issue.

 

Did you check your Security page to make sure there are no unknown devices/browsers linked to your Dropbox account?

 

Also, is it possible to upload a screenshot of the email you received, so that I can have a look? Just make sure there’s no personal info showing. 

 

Thanks!


Nancy
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

MENTZC
Helpful | Level 5

No unknown devices/sessions on my account. I hardly ever log into it, so this is why it was so random to get them.

3 in less than a minute. All different codes. 

MENTZC_0-1673373320927.png


I cannot be a coincidence that we are all getting exactly 3 in less than a minute. My hope is this is some kind of bug or related to a mobile app or something but "you can safely ignore this email" is horrible advice if an account password was compromised.

arana
Helpful | Level 6

Problem kinda solved, from the support team:

"I would like to let you know that these one-time codes are standard for if any attempt is made to log into an account from a new device. The correct password is not a requirement for this one-time code to be sent

I can also confirm that your accounts are safe, as long as your email accounts are not compromised - I would strongly suggest that you set up 2FA if you want to secure your account access further. "

willywonka
Helpful | Level 5
Hi Arana, I think this is not a correct answer, I tried to log in putting the wrong password on purpose, and I did not receive any codes. Can you try to log in with a wrong password and let us know if you receive the codes? I was not able to reproduce it

Megan
Dropbox Staff

Hi guys, for anyone still facing this, can I send you an email, in order for us to have a closer look into this?


Megan
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

willywonka
Helpful | Level 5

I am copy pasting the email i received from support down below. However, this email seems quite useless and does not answer the main question which is : How is that email triggered unless someone has the correct password?

I am assuming everyone received the same email as i am pasting here?

---

"Thank you for your patience as we are reviewing your case regarding the emails you received. I am a member of the Dropbox team. 
 
I can confirm that the email that you have received is a legitimate email from Dropbox. You were sent this message because you have recently attempted to log in to your account. You will need to enter this verification code to complete the sign in process. This is not linked to 2 step verification and is an automated safety feature for your account.
 
We have implemented this to prevent abuse on your account. If you continue to receive these emails and you are not attempting to log in, we would recommend changing the email address connected to your account and securing your account by doing the following:
 
If you haven't done so already, please change your Dropbox account password, which you can do by clicking the link below and following the on-screen prompts:
 

 
Please note: Dropbox recommends strong passwords that are not used for any other website or service. Once you change your password, the change will become effective immediately on all computers and devices linked to your account.
 
Change the password to the email address you use for your Dropbox account. Again, choose a strong password that you don't use for any other service (including Dropbox).
 
For added security, we recommend that you enable two-step verification, which protects your account even if your password is compromised. Once enabled, Dropbox will require a six-digit code in addition to your password when signing in to the Dropbox website or linking a new device. To learn more, please see:
 

 
If you are having trouble logging in or if you have any further questions, please let me know and I will be happy to help.
 
Regards"

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    willywonka Helpful | Level 5
  • User avatar
    MENTZC Helpful | Level 5
  • User avatar
    Rich Super User II
  • User avatar
    BabylonBubbles New member | Level 2
  • User avatar
    Randy90 Helpful | Level 5
What do Dropbox user levels mean?