cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We are making some updates so the Community might be down for a few hours on Monday the 11th of November. Apologies for the inconvenience and thank you for your patience. You can find out more here.

Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dropbox account hacked

Dropbox account hacked

rpmyer
New member | Level 2

My Dropbox account was hacked.  I did not have 2FA set up.  Hacker changed password and set up 2FA to their device.  If I did a password reset, it would send me an email, but when I changed it would ask for 2FA, which I could not get.  Thus message is, make sure 2FA is set up on your account.  Because if you don't, Dropbox is no help.  The hacker sent out an email to my contacts with a virus link to Dropbox.  Dropbox system then kept sending emails to my contacts reminding them to click on the link.  Dropbox has no phone support number.  The only way to contact support was through an online form.  I contacted Dropbox 19 times over 123 hours until someone at Dropbox turn off the 2FA and I was able to reset it.  I attempted to contact Dropbox every day, I attempted to call sales, they would not do anything.  I contacted HR and they would not help.  I contact Investor Relations and they would not respond.  After many forms to support, I started to get a response around 2 am EST each day, never any other time of day and only one response.  Email would say they are working on it or would ask questions about my account.  I will be deleting my Dropbox account as there is no support and system is vulnerable and their system will send fraudulent emails with a virus in them reminding people to click on virus, which you have no way to stop. 

3 Replies 3

Mark
Super User II

As awful as the issue is calling other people cannot help. Dropbox has NO incoming phone support at all. So any numbers you do call are not Dropbox. Phoning other departments means they have to do the same - log a ticket. 

 

Unfortunately, as with any service, the support you get is based upon the plan you are on (i.e. paid support (rightly) gets priority. Its also worth remembering that like ALL services the user needs to take some responsibility in securing systems and services - emails, 2FA etc. 

 

This is not an issue limited to Dropbox - Google, Apple, Microsoft, Yahoo etc. it is all the same. 


 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

rpmyer
New member | Level 2

This is not the same as other apps, the others do not send emails from their system reminding recipients to click on link that is a virus.  These are reminders Dropbox generated, not ones I generated or requested.  They also sent them out knowing that link was a virus.  I logged many claims, nothing was done for 123 hours.  I did not call anyone since they have no phone support for any department.  Other apps have fraud responds in less than 123 hours.  I had no ability to delete my account or stop criminal from access to my account.

Rich
Super User II

@rpmyer wrote:

They also sent them out knowing that link was a virus.


No, they didn't. An automated system continued to send emails, and it had no idea that it was a virus.

 


I logged many claims, nothing was done for 123 hours.

HOW did you file those claims? Did you open a ticket with Support? If so, what are those ticket numbers? Also, keep in mind that opening multiple tickets just moves you to the back of the line with each new request. You only need one ticket.

 


... and [the] system is vulnerable ...

This wasn't a case of the system being vulnerable. This was a case of someone gaining access to your account. That's not a vulnerable system. That's someone either guessing a weak password or gaining access to your credentials through another method, such as you using the same password for multiple services. That makes your account vulnerable, but not the entire system, and this is why features such as 2FA exist.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Rich Super User II
  • User avatar
    rpmyer New member | Level 2
  • User avatar
    Mark Super User II
What do Dropbox user levels mean?