Child Item

Got 2 different "security code" emails I didn't ask for. What's going on? Is my account compromised?

Two days ago I received an official Dropbox email saying:

"Hi Charem, Finish signing in to Dropbox with this one-time security code: We noticed there was an attempt of signing in to your Dropbox account."

I didn't make this sign-in attempt. As my Dropbox account had an old password, I assumed it was compromised. I logged in and changed it to something new and more secure, reported the suspicious login, and considered the matter concluded.

Today, I got a new Dropbox email. Another 'finish login with your Dropbox security code'. New sign-in details. Still not me. I went in and changed the password again, and reported the attempt again, but... This new password was up for less than two days. I don't understand how it could've gotten compromised as well.

I have a VERY important question: Does a bad actor have to CORRECTLY enter both my email AND current password to trigger this security code email? Can the security code email be triggered another way that doesn't involve a password being compromised?

I have reviewed a ton of my activity now. I reset my emergency login code list. Made sure to unlink any old computers, unshare any files. Checked over my general Google security. I see nothing terribly amiss, so I must ask: HOW? How did I get two security code emails in two days when my account was under two different passwords?

I can't help but feel like this isn't a security loss by myself, but something very strange going on with Dropbox itself. If anybody has any thoughts, please share? I'm so confused, and alarmed.

And no, I don't have 2FA active currently. I could turn it on for sure, but I feel it would not stop...whatever is happening here.

Find more posts tagged with

Security

Account Access

Disagree

Accepted answers

Charem

I am glad to say that Thomas from Advanced Support was extremely MVP and emailed me back with a clear reply. Just in case this helps anyone that might float over to this thread, I'll share what he told me on this matter:

The first time you had received this, you had changed your Dropbox password, but it should be noted that these one time code emails can be sent when the incorrect password has been used when trying to enter the account. As such, if you have received such a message, even though you have changed your password recently, you may also want to consider changing your accounts associated email address.
This happens to prevent brute force guessing of user's passwords, but If there is anything else I can assist with in the meantime, please let me know.

...It's still worth noting to perform your security checks if you get an email such as the ones I did; you could still have a password breech on your hands. Be safe! But if you feel you are safe, then it is worth knowing that one-time code emails can indeed be sent about your Dropbox without any passwords being compromised, and can be just an indication of unsuccessful brute-force attempts of guessing your password. (I recommend changing your password just in case either way though!)

As the automated emails do not make this clear, I am so very glad Thomas did, and I hope this information helps someone else in the future. I'll mark this thread as resolved now.

All comments

Hannah

Hey @Charem, thanks for reaching out to us.

Indeed, the emails about attempted sign-ins only come when someone is trying to login to your account, however no issues have been reported about something like this.

In the email, you should also see the sign-in details; do they appear suspicious?

Have you tried using a different email address for your Dropbox account, to see if the issue persists?

Keep me posted.

Charem

The sign-in details are both from different US states I have not lived in, so they are definitely suspicious. Likely VPNs from some bad actors.

I could certainly switch my email used with my Dropbox, but that doesn't solve the underlying problem I am concerned about.

I ask again: Does my receiving one-time security code emails ABSOLUTELY MEAN that someone has correctly entered my email and correct password in an attempt to sign into my account? Please, I NEED to know this detail. Is there any situation where a security code could be sent without my password being compromised?

...Because I had a new password on this account for just two days before I saw the second security code email. If a security code indicates a successful password usage, that means my two-day-old password also got compromised... That feels impossible, unless the issue is WAY bigger than just Dropbox.

I hope you can answer this vital question.

Nancy

Hey @Charem, hope you don’t mind if I jump in.

Due to the nature of the issue, I believe it’d be better to have our support team look into this directly, so that they can check your Dropbox account too (as we don’t have any account visibility here on the forum).

Is it OK to reach you to the email address you see here? Is it the one linked to the Dropbox account in question?

Charem

That's fair Nancy, I am completely okay with you guys looking over the account. And yes, that email listed there is where I can be reached. Thanks for looking into this, I'll await further contact in email.

Walter

Thanks for the cooperation @Charem - I've just followed up via email so please have a look at your inbox and we'll take it from there.

Charem

I'd like to leave another message here as I feel dissatisfied with the help I've been getting on email. While I do appreciate the prompt interactions I've had with Dropbox staff, I don't feel anyone is truly listening to me or my very serious and important question, which is just not getting answered.

I was contacted via email, then told another person would contact me. They have, and reiterated general information I can look up myself, as well as advising things like changing my email, and notably, adding 2FA and changing my password.

While this is all good general security advice, that's not what I was seeking to get information on. In fact, that last two point, about 2FA and changing my password, particularly annoyed me. Because I've already done both of these things. (I am not changing my email because I'd actually like to watch out for these security codes coming in. Changing the email won't solve my issue, it would just make it harder to watch what's going on.)

Quick recap: I got a security code email that didn't come from my own attempts to login. I changed my password the moment I was aware that happened. Then two days later, I got a new security code email that didn't come from me. So I DID change my password already. What alarmed me was, how did that second security code request come through? The new password was unique and strong. How could they have hacked it so quickly?

But see, that's the question I need answered! Am I just making the ASSUMPTION that if I am getting a security code email from Dropbox, then that must mean that someone has successfully entered my email and correct password to generate that security code email. So:

- Is my assumption correct? Do security code emails only generate if someone CORRECTLY answered my email and pass?

- Is my assumption wrong? Can security code emails generate in circumstances other than someone correctly entering your password?

My entire internet security, beyond just my Dropbox account, hinges on knowing the answer to this.

I don't care about my stupid Dropbox account. I backed up its files. It could go explode for all I care. What I care about is my Google account, my many other side accounts, and everything else that I'm going to need to figure out HOW is compromised, if my assumption is correct.

Because I just changed the Dropbox password, and then I got a new security code email following that not two days later. And that is bloody alarming. And that is why I need my question answered. To know if my assumption is correct, or incorrect.

Please. Somebody who knows the answer to this. Just let me know this one answer. Please.

Charem

The first time you had received this, you had changed your Dropbox password, but it should be noted that these one time code emails can be sent when the incorrect password has been used when trying to enter the account. As such, if you have received such a message, even though you have changed your password recently, you may also want to consider changing your accounts associated email address.
This happens to prevent brute force guessing of user's passwords, but If there is anything else I can assist with in the meantime, please let me know.

As the automated emails do not make this clear, I am so very glad Thomas did, and I hope this information helps someone else in the future. I'll mark this thread as resolved now.

Hannah

Thanks for sharing your experience, @Charem, and I'm glad your issue got resolved.

If you need anything else, don't hesitate to let us know.

Have a great day!

Charem

Thanks Hannah, that concludes my matter. Have a good one.