Child Item

My password was changed by someone else. What are the next steps?

Ok, here is my story - looking for info and/or advice.

My Xfinity email account has been hacked several times over the past year. The last time (5 months ago) and yesterday, the hackers were able to use the email account to gain access to my Dropbox account.

Last time, I enabled 2-factor security in Dropbox with both a mobile authenticator app and physical security keys.

Yesterday, my Dropbox password was hacked and changed...

I knew it was happening because I was aware that my email was being hacked and was literally dealing with it as it was happening.

I realized that my Dropbox password was changed and I immediately changed it again. I WAS asked for 2-factor verification using the mobile app. I might have been asked for the security key, too - I don't remember exactly as I was dealing with several things at once. Point is that I WAS asked for something 2-factor to authenticate and allow the password change to occur.

What I find troubling is that "they" were able to change the password/gain access to my account with 2-factor in place... Isn't that the whole point of having 2-factor? A physical "key" which you must be in possession of in order to make certain changes to the account???

I chatted with Luis in Customer Support - absolutely NO HELP WHATSOEVER - basically stated "no idea how that happened" and said that the problem was probably my computer's security or that I had used public wifi... Public wifi never happened. I pressed him to escalate the case or forward it to a security team (does that even exist??). He asked to move the chat to email - I suspect as a way to get rid of me..

Any info / advice would be appreciated. Thanks for your time.

Find more posts tagged with

Security

Account Access

Two Factor Authentication

Disagree

Accepted answers

Nancy

Hey @mathetesbl, I'm sorry to hear about your experience.

I've checked your convo with our support team, and I'd definitely recommend replying back to them in the same email thread.

This way, they can send this over to our specialized team for you, and they'll investigate the issue on their end.

Let me know if you have any kind of trouble with this, though. Jay has also left an internal note for you.

All comments

Jay

Hi @mathetesbl, thanks for bringing this to our attention.

Did you move to email to continue this conversation? Do you have a ticket ID in order to locate it on the system?

This will help me to assist further!

mathetesbl

Yes, it was moved to email.

Ticket #22488869

Jay

Thanks for the information, have you replied to the email requesting further assistance?

mathetesbl

In reality, there was no reason to reply. Here are Luis' two responses to me:

Hi Bruce,

Thank you for chatting with Dropbox Support today! This email includes a ticket number for your reference.

As we previously discussed on our chat, you wanted to know why your account has been hacked.

I would like to inform you that we do not have any information on our end regarding why your account was hacked, This has to do with your computer security on which we do not have access to.

Let me know if you need more information, and I will be more than happy to assist.

Regards,
Luis

and last email:

Your issue has been marked as solved.

He was NOT helpful in chat, nor email. I felt as if he did NOT comprehend what I was saying. Clearly, since I felt he could offer no help, I did not see the point of continuing with him.

That is why I am here.

Nancy

Hey @mathetesbl, I'm sorry to hear about your experience.

I've checked your convo with our support team, and I'd definitely recommend replying back to them in the same email thread.

This way, they can send this over to our specialized team for you, and they'll investigate the issue on their end.

Let me know if you have any kind of trouble with this, though. Jay has also left an internal note for you.