Child Item

Why was my 2FA disabled after logging into the iOS app?

I tried to log in to the iPhone mobile application yesterday, and was presented with 2FA. I entered the codes which came up invalid. I went back and tried another password which then worked and logged me in immediately. Overnight I have had someone try and access my gmail account using the password that I first entered on the mobile application. And upon logging in to Dropbox I can see that I do not have 2FA enabled.

Is the iPhone app compromised?!?

Find more posts tagged with

Security

Disagree

Accepted answers

Jay

The Dropbox mobile app shouldn't be compromised in any way, as we take security very seriously.

I've just tested this on my device, when you login on the app, you'll get an email confirming that this was a valid login attempt, regardless if the password itself was correct or not.

All comments

Jay

Hi @Chrobirch, thanks for messaging the Community.

Could you clarify what 2FA code you're referring to? Is this the 6 digit code sent to you via email, or the normal 2FA methods shown on this page?

This will help me to assist further!

Chrobirch

Hi Jay, they were sent to the email I used to log in with, 6 digit code.

Jay

This sounds like the security code used when accessing the Dropbox site or app from a new location. This is generally sent only once, unless you attempt to login using a different network or IP address.

Regarding the second login, did you provide your account credentials to another individual?

Chrobirch

No details have been provided to anyone else.
I entered the wrong password and was then sent the emails and asked to enter the codes.
If my log in information was wrong, would it not simply tell me that the password was incorrect?
Could my iPhone be compromised in any other way?

Jay

The Dropbox mobile app shouldn't be compromised in any way, as we take security very seriously.

I've just tested this on my device, when you login on the app, you'll get an email confirming that this was a valid login attempt, regardless if the password itself was correct or not.

Chrobirch

Ok, thanks. Must be a coincidence, as this was the only time I have disclosed that password. I will check out my phone further.