Child Item

Compromised Account: changed password and authentication method.

We have a customer account that has been compromised where the threat actor has changed the password and authentication method. The user is not able to sign in the account and does not have any recovery codes. The threat actor is still sending malicious links from the dropbox account. We have opened a ticket but dropbox support tells us to login to the account to reset the password but that obviously is not possible. I have created a trial account just to see if I can get better support options and the community is the best I can find.

If someone from dropbox could please help here is the ticket number

Ticket #24311352

suspend the account, delete the account, reset the authenticator to force setup again then let us request a password reset, do whatever you can please because this has been going on for about a week now.

Find more posts tagged with

Security

Disagree

Accepted answers

caw81677

We did eventually hear from the advanced support team. They have suspended the account for now (which is excellent) and are giving us the opportunity to regain access through a questionnaire where we will provide several details on the account. So...for anyone that may come across this post, just be persistent. I know it is frustrating when there is no number to call and you are told your support request will be handled in 1 to 2 business days, only to be responded to and directed to "login and change the password on the account". I opened a second ticket referencing the first, not sure if that is what escalated it or just timing. Anyhow, it does appear that Dropbox has more ability to help than initially conveyed.

All comments

Mark

@caw81677 wrote:
I have created a trial account just to see if I can get better support options and the community is the best I can find.

Trial accounts cannot get paid levels of support because so many do exactly this I'm afraid - they upgrade to get help then cancel when they have it.

Unfortunately the only people who can help are the ones impacted - unless you were, at the time, a business plan you wont be able to get support for somebody else. It needs to come from their email. So they need to do the contact I'm afraid.

caw81677

The ticket # referenced was created by the impacted user. Just review the ticket and you will see. We really need this solved and so far Dropbox support is not helpful.

Mark

@caw81677 wrote:
The ticket # referenced was created by the impacted user. Just review the ticket and you will see. We really need this solved and so far Dropbox support is not helpful.

I dont work for Dropbox so I cant.

Dropbox support only works Mon through Fri so it wont be picked up to earliest Monday.

caw81677

RJEspinoza

I am in the middle of the exact same situation. Unfortunately, I cannot delete or suspend the account as we have clients linked to the information. It's been horrendous and I cannot find anyone to help. Everyone "escalates" to the advance team. This Advanced Team could all be Oompa Loompas for all I know. Right now, they have deactivated the account and saved the information. They also sent me a list of questions to confirm my member's identity. I have gathered the information, BUT the Advanced Team, in their infinite wisdom, closed the ticket.

At this point, my frustration level is through the roof. I keep telling everyone, my situation is URGENT. At this point, my co-worker and I have spent about 20 hours trying to get this straightened out. We each charge $200 for our consultant fees, who can I send an invoice to?

RJEspinoza

I see you're a super user. Great. I've been a paying business member since 2010. Dropbox has gotten a lot of my money. I am having the same issue. I am the only Team Admin and I cannot get anyone to help me. I am in an urgent situation and now this issue is going to cost me big $$$. And all I get is those crappy emails and a closed ticket telling me that the issue was resolved when it has not been.

DBX_Pedro

Hi @RJEspinoza,

Thanks for reaching out; we understand how frustrating this specific delay in resolving this issue can be.

A ticket has already been opened to address it, and we are actively working on it.