cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Settings and Preferences

The Dropbox Community is here to help if you have questions about your account settings and preferences. Learn and share advice with members.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Hackers abusing Dropbox to access Gmail?!!!

Hackers abusing Dropbox to access Gmail?!!!

gebruikersnaam
Explorer | Level 4

Google Chrome is up-to-date
Versie 75.0.3770.100 (Officiële build) (32-bits)
I sent the Chrome team this 2 days ago and I also contacted API Support team...


Copy-paste:

Somehow the virus contained in this file [link removed by moderator] and this file [link removed by moderator]  immediately broke out of my 360 TotalSecurity Sandbox and not only that, it started adding all my logged in gmail accounts to dropbox!!! IP History shows a browser used in Sweden. I have 2FA enabled for all gmail accounts (no mobile number) so it's beyond me how they can add my gmail accounts (even Apps for your Domain) to Dropbox (without Dropbox being able to find the account through password reset). I quickly noticed the file was not safe so I disconnected the internet and cleaned up (only 1 PuP file for some Russian mail app in AppData\Local). Yet within 20 seconds the damage was already done... ;-(

1. how can dropbox give gmail accounts access to non-existing accounts (I got almost a dozen notification emails from Google, they are legit),
2. how can a virus read my logged in gmail addresses (I don't store any passwords but I do use lastpass, which wasn't the leak because that contains many more gmail accounts that didn't get breached)?
3. Next to the dropbox warnings, I also got a password reset email from Bittrex crypto exchange... I made that account last week, with a non-existing email address (but catch-all of my domain)... How the frack did they get that email address that quickly?
4. WHAT INFORMATION IN MY Gmail CAN BE ACCESSED THROUGH DROPBOX???!!!

Luckily I investigated the Google Notifications on my Mobile phone and immediately changed all passwords... Yet I have no idea if my private information has been stolen already... Access to my gmail would be a hackers' paradise. So far, all is good BUT I have not forgotten the password reset request for my virgin Bittrex account...!

(end copy-paste)

I thought you should know to. I have ran Avast (it was installed), 360 TotalSecurity (with all engines enabled, even Avira's) and now also a Full working Demo version of Dr.Web (which did wonders on my Android phones) including a firewall. All is (reportedly) clean.

Kindly advise: especially question 4 (ALL CAPS) is important to ME. What's going on here??? How can hackers in Sweden use Dropbox with non-existing Dropbox accounts to access my gmail??? And WHAT can they access?

Regards

 

* actually, the downloaders itself are kind-of safe; the resulting download (an ISO file) contains the nasty piece of software that triggered all of Google's emails warning me about Dropbox access from Sweden (where I don't live).

11 Replies 11

gebruikersnaam
Explorer | Level 4

Yeah Dropbox support, in the end, was an absolute waste of time and an utter joke: we don't know, please contact Google to get the answers you seek...

 

Sure... Thank you! 

 

😞

Daphne
Dropbox Staff

Thanks for the additional info @issue_goggle!

I'm afraid in this case, since there isn't a Dropbox account under that email address, I would suggest contacting Google Support for some further assistance.

Without knowing the Dropbox account, we have limited info on what exactly occurred. Google should have access to more info on this event to be able to clarify the situation further.

That being said, I was able to find this thread here from Google Support on how you can disconnect Dropbox through your Google account in the meantime.

Please do keep me updated with what you find!


Daphne
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, please give it a Like below.
:arrows_counterclockwise: Still stuck? Ask me a question!
:pushpin: Tips & Tricks Find new ways to stay in flow or share your tips on how you work smarter with Dropbox.

Need more support?