Dropbox App OAuth Token
Service Name: Dropbox
Service Description: Dropbox is a cloud storage service that allows users to store files online and synchronize them across devices. It offers file storage, sharing, and collaboration features for individuals and businesses.
Service Address: https://www.dropbox.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the team level for Dropbox Business accounts, but not directly for individual OAuth tokens.
Secret Access Scope: Grants programmatic access to Dropbox accounts and files according to the scopes defined during OAuth authorization. Can allow reading, writing, and managing files and folders in a Dropbox account.
Secret Revokement URL: https://www.dropbox.com/account/security
Secret Example: sl.BXhU2tpFVxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Suspicious Activity Investigation Instructions:
- Review the Dropbox account's recent activity log for unauthorized file access or modifications.
- Check for unfamiliar devices or locations that have accessed the account.
- Examine file sharing settings to ensure no unauthorized sharing has occurred.
- Review any third-party app integrations that may be using the OAuth token.
- Check for unexpected file deletions, modifications, or uploads.
Mitigation Instructions:
- Immediately revoke the compromised OAuth token by going to Dropbox account settings > Security > Connected apps and devices.
- Generate a new OAuth token with appropriate scopes if the integration is still needed.
- Review and update password for the associated Dropbox account.
- Enable two-factor authentication if not already enabled.
- Review and remove any unnecessary third-party app integrations.
- Check file version history to restore any modified or deleted files.
- Monitor account activity for a period after the incident to ensure no further unauthorized access.