
Security and Permissions


No Response from Dropbox re: Compromised Accounts


MSP-SOC
New member | Level 2

Over the past ~30 days, we have had several clients who have experienced misuse of their Dropboxes following a business email compromise event.

These threat actors are doing the following:

  • Successfully phish a user to gain access to their business email account
    • Download the user's contact list
    • Set a rule to hide incoming emails from Dropbox
  • Create a new Dropbox account using the compromised business email address or take over the user's pre-existing Dropbox account by resetting the password
    • Reconfigure MFA / enable MFA
    • Upload malicious files and share them using the stolen contact list from within Dropbox

While we are able to secure the user's email account, we have been unable to recover/reset/disable the malicious Dropbox accounts due to the threat actors changing the MFA.
This is extremely concerning as Admins cannot see when these malicious files are shared out, and the shares appear legitimate to recipients because they come direct from the Dropbox domain and the sending accounts are tied to legitimate business email addresses.


I created a ticket (#23873516) with the Dropbox Abuse division on June 13, 2024 and have not received any response.
Please advise on what steps we must take to shut down these malicious Dropbox accounts and stop the spread of these attacks.
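Editor's added example (not part of the original post and not Dropbox or vendor code): a defender-side check for the mailbox rule described above, run over exported inbox rules. The record layout, field names, folder names and sample rules are assumptions constructed for illustration; map them to whatever your mail platform's rule export provides.

```python
import re

# Term from the thread: rules that single out mail from Dropbox.
DROPBOX = re.compile(r"dropbox", re.IGNORECASE)
# Folders where a moved message is effectively out of sight (assumed names).
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds", "archive"}


def hides_message(actions):
    """Return the actions that keep a matching message out of the user's view."""
    hits = []
    if actions.get("delete"):
        hits.append("delete")
    folder = (actions.get("move_to_folder") or "").strip().lower()
    if folder in HIDING_FOLDERS:
        hits.append("move:" + folder)
    elif folder and folder != "inbox" and actions.get("mark_read"):
        hits.append("move+read:" + folder)  # silently filed and marked read
    return hits


def targets_dropbox(conditions):
    """Return the matched terms, 'all-mail' for an unconditional rule, or None."""
    terms = [t for values in conditions.values() for t in values]
    if not terms:
        return "all-mail"  # a rule with no conditions also swallows Dropbox mail
    matched = [t for t in terms if DROPBOX.search(t)]
    return ",".join(matched) if matched else None


def find_suspicious_rules(rules):
    findings = []
    for r in rules:
        target = targets_dropbox(r.get("conditions", {}))
        hidden = hides_message(r.get("actions", {}))
        if target and hidden:
            findings.append((r["mailbox"], r["name"], target, hidden))
    return findings


SAMPLE_RULES = [  # constructed sample data, hypothetical schema
    {"mailbox": "alice@example.com", "name": ".", "conditions": {"from_contains": ["dropbox.com"]},
     "actions": {"move_to_folder": "RSS Feeds", "mark_read": True}},
    {"mailbox": "carol@example.com", "name": "Dropbox receipts", "conditions": {"subject_contains": ["Dropbox invoice"]},
     "actions": {"move_to_folder": "Finance"}},  # visible, unread filing: not flagged
    {"mailbox": "dave@example.com", "name": "..", "conditions": {}, "actions": {"delete": True}},
]

if __name__ == "__main__":
    for finding in find_suspicious_rules(SAMPLE_RULES):
        print(finding)
```

A hit is a prompt to review the mailbox's sign-in and rule-creation history, not proof of compromise on its own.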

3 Replies

Nancy
Dropbox Staff

Hey @MSP-SOC, I’m sorry to hear about this situation.

Since this is an account security matter that needs to be investigated internally indeed, I can try to log a ticket for you and check this further.

Can I message you to the email address showing here?

Let me know.


Nancy
Community Moderator @ Dropbox
dropbox.com/support



MSP-SOC
New member | Level 2

Hi Nancy,
Yes I can be reached at that email address.

Nancy
Dropbox Staff

You’re all set, @MSP-SOC. Please reply to my email, when possible, and we’ll take it from there.


Nancy
Community Moderator @ Dropbox
dropbox.com/support


