
jchamp_shlc
Explorer | Level 4
2 years ago

Employee Compromised Account

I have an employee here that signed up for a free Dropbox account with their work email. The account has been compromised and the MFA phone number has been changed, so even though I can get a password reset email, I can't complete the change without the MFA code. The account has sent out numerous phishing e-mails to customers and vendors and is continuing to do so since they have hijacked the account.

Is there any way we can disable or shut down the account? We own the email address and domain. It's sending malicious content to our customers; at the very least I need to disable them from sending out sharing emails.

  • Nancy
    Dropbox Staff

    I’m sorry to hear about the situation, jchamp_shlc.

    Unfortunately, it’s only possible to delete a Dropbox account after logging in to it, and our support team can’t do it on their end either, due to security reasons.

    However, can you please check with your employee if they have the emergency codes they received upon setting up two-step verification? If they do, they can use them to access the account instead, to change the 2FA phone number, email and password, or delete it, if they wish to.

    Other than that, they can check if they have a backup phone number that may still work, or check their linked devices (for more info, please check the attached link).

    Let me know if that helps.

    • Zachary3
      New member | Level 2

      We are experiencing the same issue. Our staff member's mailbox was temporarily compromised, during which the attacker logged in to their Dropbox and set up a 2FA Authenticator App.

      We reset the password but cannot actually log in without the 2FA or recovery code - of which we have neither. The attacker's session is still active, so they're sending out fraudulent emails with malicious payloads.

      If we could simply terminate all active sessions this would fix the issue, but we can only do that by logging in (chicken & egg situation). We logged a ticket with Dropbox asking they do this for us, but they have not responded.

      This is a disaster, and SHAME on Dropbox for allowing this kind of situation to occur. At the very least terminate all the current sessions when the password is reset! Crazy.

      If ANYONE at Dropbox cares, because our clients certainly do, the ticket number is: 22934270

      • Helen DBX
        Dropbox Staff

        Hey there,

        Helen from Dropbox here.

        A security specialist has just responded to your ticket. Please have a look and we will take care of that for you.


        Best regards,
        Helen 
        The Dropbox Team
        https://www.dropbox.com/help

  • Hey there,

    Helen from Dropbox here.

    I understand your concern with the compromised account.

    A security specialist will investigate this for you. Please ask your employee to create a support ticket with the same email address associated with the compromised Dropbox account:
    http://www.dropbox.com/support

    We can then review the case and help you fully. 

    Best regards,
    Helen 
    The Dropbox Team
    https://www.dropbox.com/help

    • jchamp_shlc
      Explorer | Level 4

      Helen,

      Thank you for the reply. We have created a support case under their email address/account.

      Support Ticket # 22951548

      We got word this morning from some vendors and customers that the attacker sent out new sharing links with malicious content (an attachment that leads the user to a credential phishing page).

      • Nancy
        Dropbox Staff

        Sorry to jump in, jchamp_shlc. I've located your ticket in our system, and I've left an internal note to our team for you. They should get back to you as soon as possible.
