You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

radenkovic's avatar
radenkovic
Helpful | Level 5
3 years ago

Received 3 2FA emails in one minute, but 2FA was not enabled on my account

Hi all,   A strange thing happened today, I've received 3 emails  in sequence with content:       Hi [MY FIRST NAME], Finish signing in to Dropbox with this one-time security code...
Account Access
Security
Rich's avatar
Rich
Icon for Super User II rankSuper User II
radenkovic wrote:

Received 2FA emails, however 2FA is not enabled on my account.

That's not a two-step verification email. That's a one-time security code email. Similar, but different. You don't need to have two-step verification enable to receive the one-time security code. Dropbox will request a code if they feel a login attempt is suspicious.

 

Even though they didn't get in to your account, you probably should review the active sessions and devices linked to your account, and change your password. You can do both from your Security page.

radenkovic's avatar
radenkovic
Helpful | Level 5
3 years ago

Thanks Rich! Does that mean that the malicious actor entered the correct password?  

Just FYI I changed my password after the incident and enabled 2FA. Also, there are no suspicious sessions/logins on my account (active sessions).

  • Nancy's avatar
    Nancy
    Icon for Dropbox Staff rankDropbox Staff
    3 years ago

    Hey radenkovic

     

    Is there any chance that you had previously stored your Dropbox password somewhere that was accessible by another user/person?

     

    If you don’t see any trace of another device/browser on your Security tab though, it means that no one else managed to log in to your Dropbox account. 

     

    Also, good thinking on resetting your Dropbox password/enabling 2FA; that should do it.

    • radenkovic's avatar
      radenkovic
      Helpful | Level 5
      3 years ago

      Nancy, thanks for your input! I don't have any files on that dropbox account and have decent security practices (using password manager, not reusing passwords etc), it may be that I'm compromised, but I doubt it, that's why I am checking. 

       

      Is it possible to check logs with timestamp from my first post and confirm that someone actually tried to login with correct pw?

      • Walter's avatar
        Walter
        Icon for Dropbox Staff rankDropbox Staff
        2 years ago

        Hey radenkovic, sorry to jump in, but I just wanted to confirm that the email you received seems to have come from an official Dropbox domain.

         

        Just in case, you can change your account's password as the one time code that was sent to you would indeed only be sent if the password entered was correct. 

         

        The only timestamps about this incident you can check are the ones from any email you may have received during that time while you could also check your account's Security page for any web sessions that you don't recognize etc. 

         

        I hope this helps!

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

Need more support

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!