Dropbox Legacy Token
Service Name: Dropbox
Service Description: Dropbox is a cloud storage service that allows users to store files online and synchronize them across devices. It offers file storage, file sharing, and collaboration features for individuals and businesses.
Service Address: https://www.dropbox.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to a Dropbox account with permissions defined when the token was created. Legacy tokens provide full access to a user's Dropbox account.
Secret Revokement URL: https://www.dropbox.com/account/security
Secret Example: 0123456789abcdefghijA1234567890123456789012345678901234567890123
Suspicious Activity Investigation Instructions:
- Check Dropbox account activity logs for unauthorized file access or modifications
- Review recent device sign-ins for unfamiliar locations or devices
- Check for unexpected file sharing or permission changes
- Monitor for unusual data download patterns or volume
- Verify if any third-party app connections were added without authorization
Mitigation Instructions:
- Immediately revoke the compromised token through the Dropbox security settings
- Generate a new token if needed, using the newer OAuth 2.0 flow instead of legacy tokens
- Enable two-factor authentication on the Dropbox account
- Review and remove any unnecessary third-party app connections
- Change the password of the associated Dropbox account
- Review file access logs to identify potentially compromised data