Forum Discussion
MSP-SOC
5 months ago
New member | Level 2
No Response from Dropbox re: Compromised Accounts
Over the past ~30 days, we have had several clients who have experienced misuse of their Dropboxes following a business email compromise event.
These threat actors are doing the following:
- Successfully phish a user to gain access to their business email account
- Download the user's contact list
- Set a rule to hide incoming emails from Dropbox
- Create a new Dropbox account using the compromised business email address or take over the user's pre-existing Dropbox account by resetting the password
- Reconfigure MFA / enable MFA
- Upload malicious files and share them using the stolen contact list from within Dropbox
While we are able to secure the user's email account, we have been unable to recover/reset/disable the malicious Dropbox accounts due to the threat actors changing the MFA.
This is extremely concerning as Admins cannot see when these malicious files are shared out, and the shares appear legitimate to recipients because they come direct from the Dropbox domain and the sending accounts are tied to legitimate business email addresses.
I created a ticket (#23873516) with the Dropbox Abuse division on June 13, 2024 and have not received any response.
Please advise on what steps we must take to shut down these malicious Dropbox accounts and stop the spread of these attacks.
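The inbox rule described in the post above (a rule that hides incoming Dropbox email) is something a mail administrator can hunt for across mailboxes. The following is an added example, not part of the original post and not Dropbox tooling: it scans constructed rule-change records whose field names are assumptions modelled on Exchange Online's New-InboxRule parameters, and flags rules that both match Dropbox mail and keep it out of the user's view.

```python
# Constructed sample records. Field names are assumptions modelled on Exchange
# Online's New-InboxRule parameters; adapt them to your mail platform's export.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "operation": "New-InboxRule",
     "params": {"Name": ".", "FromAddressContainsWords": "dropbox.com",
                "DeleteMessage": "True"}},
    {"user": "bob@example.com", "operation": "New-InboxRule",
     "params": {"Name": "Newsletters", "SubjectContainsWords": "weekly digest",
                "MoveToFolder": "Newsletters"}},
    {"user": "carol@example.com", "operation": "Set-InboxRule",
     "params": {"Name": "..", "SubjectOrBodyContainsWords": "Dropbox;shared with you",
                "MoveToFolder": "RSS Feeds", "MarkAsRead": "True"}},
    {"user": "dave@example.com", "operation": "New-InboxRule",
     "params": {"Name": "Dropbox", "From": "no-reply@dropbox.com",
                "MarkImportance": "High"}},
]

MATCH_FIELDS = ("From", "FromAddressContainsWords", "SubjectContainsWords",
                "BodyContainsWords", "SubjectOrBodyContainsWords")
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "deleted items", "junk email", "archive"}

def hides_mail(params):
    """Return the actions in a rule that keep a message out of the user's view."""
    actions = []
    if str(params.get("DeleteMessage", "")).lower() == "true":
        actions.append("delete")
    if str(params.get("MarkAsRead", "")).lower() == "true":
        actions.append("mark-read")
    folder = str(params.get("MoveToFolder", "")).strip().lower()
    if folder in HIDING_FOLDERS:
        actions.append("move:" + folder)
    return actions

def find_dropbox_hiding_rules(events):
    """Flag rule creations or changes that match Dropbox mail AND hide it."""
    findings = []
    for ev in events:
        if ev["operation"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        params = ev["params"]
        targets = any("dropbox" in str(params.get(f, "")).lower() for f in MATCH_FIELDS)
        actions = hides_mail(params)
        if targets and actions:
            findings.append({"user": ev["user"], "rule": params.get("Name"), "actions": actions})
    return findings

if __name__ == "__main__":
    print(find_dropbox_hiding_rules(SAMPLE_EVENTS))
```

A rule that merely matches Dropbox mail (the fourth record) or hides unrelated mail (the second) is not flagged; only the combination is.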