Child Item

Someone accessed my Dropbox account and I can't get help

Dropbox Plan
Professional
Are you a Team Member or Admin?
No
Do you have access to the email linked to the account?
Yes
Are there any devices connected to your Dropbox account?
Phone, tablet, work laptop

Question or Issue
A few days ago, My Dropbox account was hacked by an individual calling themselves Samuel Shimb (see screenshot below).

They managed to get access to my account even with 2FA enabled (via SMS)!

I want to make people aware of this and the fact that, when I raised this to Dropbox's chat and Support people, they downplayed it and said they's pass it along to their colleagues. Even when I mentioned in my communication with them that I had 2FA enabled, but did not receive any 2FA OTP, in their responses, they still went ahead to say that I must enable 2FA.

I have been asking for escalations without any assistance on this matter.

I am a paying Dropbox Professional customer, and I want to know how someone accessed my account outside of the normal authentication flow. Even if the hacker managed to obtain my Dropbox password (which I was not using anywhere else by the way), I want to know how they bypassed the 2FA. There were no indications in my GMail inbox of someone trying to reset my Dropbox password (so the hacker did not gain access to my email account first). I was able to login normally using my Dropbox account even after the attack.

This has resulted in sensitive information being exposed to an attacker whose intentions I do not know, including work files. However, Dropbox staff have been downplaying this isse. Maybe because this could be a vulnerability on the side of Dropbox and they won't admit that.

Find more posts tagged with

Security

Account Access

Two Factor Authentication

Disagree

Comments

Nancy

Thanks for posting on our Community, @phla, and I’m sorry to hear this happened.

Since I’d also like to have a look into this, can you share with me any ticket numbers you may have from your support requests?

Let me know when you’re ready.

phla

This is the ticket: https://www.dropbox.com/support/ticket/25516908. I submitted this ticket 7 days ago and no one has responded, which is deeply concerning.

In addition, when I use the chat functionality, I am simply being told to use 2FA, which I was already using when the breach occurred.

Megan

Hey @phla!

I checked into our system, and it looks like you have more than one cases and requests.

It looks like another ticket that you had with our specialized team has recent updates. Can you filter your email's inbox and also check your spam/junk folder to let me know if you can see them?

The best course of action is to continue via email with any follow-up questions that you might have. Feel free to reply back to the agent working on your case since they have more advanced tools, and account visibility in order to assist you with this.

If you have any other questions, let me know!

Buro Steel Framing

Hello, how are you? I had the same problem. My paid Dropbox account was hacked by a person named Samuel Shimb, who's asking for a $1,000 ransom to get my files back. Were you able to recover yours? My email is Max Molina. Send me your contact information.

Anuj3

Hii , i have been hacked as well by the exact same person on 21/09/2025, if you guys got any solutions please let me know

Mark

Hi @Buro Steel Framing and @Anuj3

Have you both done what has already been said and logged a ticket at http://www.dropbox.com/support ?

Anuj3

@Mark I have already raised a ticket, is there anything else that i should be doing?

Hannah

Thanks for the reply here @Anuj3.

I can see that you have an update on your ticket; please make sure to keep an eye on that email thread, as it's the only place you can get updates on your case and hopefully, you and the team will get to the bottom of this.

Buro Steel Framing

Hello, my ticket number is 25494658. I still haven't received a response regarding the recovery of my files. Someone is extorting me a $1,000 ransom to get them back. I need a solution from the Dropbox team!

Mark

The only people who can help are the support team on the ticket.

Note that if they are permanently deleted (i.e. you have no recovery showing at http://www.dropbox.com/home when you show deleted items) they cannot help I'm afraid.

Emma

Hi @phla,

Thank you for reaching out to us and for your patience while we’ve investigated this situation.

We know how stressful it can be to face issues with your Dropbox account, and we want to help you get back on track as quickly as possible. We’re also looking into your support requests and you’ll be hearing directly from a support agent shortly to troubleshoot further.

From our investigation, it looks like there are few possible reasons that could explain what happened here. Below, we’ve outlined the most likely scenarios along with clear steps you can follow right away to secure your account.

How this might have happened

Someone would need both your email address and password to access your Dropbox account or change your login details. This can happen in a few ways:

Phishing: Attackers sometimes create very convincing emails or websites that look legitimate, making it difficult to spot they’re fake. If this happened, they may have obtained your login details that way.
Email account access: If someone gained access to your email, they could reset your Dropbox password.
Reused passwords: If you used the same password on another service that was breached, attackers may try it on Dropbox. (I note that this is not your case, @phla, as you didn’t use your Dropbox password anywhere else).
Shared passwords: If you gave your login details to someone else, they may have used them to sign in.
Password guessing: Someone could have correctly guessed your password.

Steps to secure your Dropbox account

Here are some important actions to take:

Change your Dropbox password:
- Use this link to reset it.
- Choose a strong, unique password that you don’t use anywhere else.
Update your email password:
- Make sure the email linked to your Dropbox account also has a strong, unique password.
Turn on two-factor authentication (2FA)
- This adds an extra layer of protection by requiring a six-digit code in addition to your password when signing in. Learn more here: Enable 2FA.
- I see you have 2FA enabled, @phla, but worth double checking it’s all working correctly.
Check your account activity:
- Review devices and web sessions: Manage devices.
- Review connected apps: Manage apps.
- Review shared folders: Manage shared folders.
- Review shared links: Manage shared links.
Secure the Dropbox mobile app:
- Add a passcode so it’s required every time you open the app. Learn how: Set up a passcode.
Secure your computer:
- Always require a password to log in, and set your device to require it again when waking from sleep or unlocking the screen.

We recommend that you go through these steps to ensure your account is secured.

If you notice anything else unusual after going through these steps or have additional details that could shed light on what happened, we'd appreciate you sharing them with us. We’re here to work with you to get this resolved and to keep your account safe.

Emma