Skip to content

Dropbox Legacy Token

Service Name: Dropbox

Service Description: Dropbox is a cloud storage service that allows users to store files online and synchronize them across devices. It offers file storage, file sharing, and collaboration features for individuals and businesses.

Service Address: https://www.dropbox.com/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to a Dropbox account with permissions defined when the token was created. Legacy tokens provide full access to a user's Dropbox account.

Secret Revokement URL: https://www.dropbox.com/account/security

Secret Example: 0123456789abcdefghijA1234567890123456789012345678901234567890123

Suspicious Activity Investigation Instructions:

  • Check Dropbox account activity logs for unauthorized file access or modifications
  • Review recent device sign-ins for unfamiliar locations or devices
  • Check for unexpected file sharing or permission changes
  • Monitor for unusual data download patterns or volume
  • Verify if any third-party app connections were added without authorization

Mitigation Instructions:

  • Immediately revoke the compromised token through the Dropbox security settings
  • Generate a new token if needed, using the newer OAuth 2.0 flow instead of legacy tokens
  • Enable two-factor authentication on the Dropbox account
  • Review and remove any unnecessary third-party app connections
  • Change the password of the associated Dropbox account
  • Review file access logs to identify potentially compromised data