Context
Once upon a time, back in yee olde 2012, I signed up for a Dropbox account to share a few Survivalcraft worlds with the community.
It worked well! But then, 8 years later, disaster struck. I wanted to experience my early creations again, but all of the public links to my worlds were gone, and I couldn’t sign into my Dropbox account anymore.
I realized that I’ve deleted my Microsoft account a while ago, meaning that the @live.com email address that I used to sign up for Dropbox with, was also gone. Re-registering was not an option as Microsoft stopped allowing registrations on that domain many years ago. And when trying to sign into my Dropbox account, I’d be met with a message that I’ve never seen before:
But what if I can’t enter the code? |
Back in 2016, a password leak occurred at Dropbox. Tens of millions of email addresses and hashed passwords were leaked. Dropbox dutifully reset everyone’s passwords, meaning that I could no longer log into my account, and since it was such a long time ago, I didn’t have any other devices logged in.
And so began the worst customer support hell that I’ve ever experienced.
First contact
First thing I did was to check if there are any other people also affected by this, which landed me on this Dropbox Forum thread. Seems like I wasn’t the first person to be caught off-guard by password expiry. Seeing that people are getting responses by “Dropboxers” (what does this title mean? are they even employees?..) I’ve decided to create a ticket as well and wait for a response.
No response ever came. My ticket fell through the couch cushions at Dropbox home offices. Great customer experience eh?
There were no more replies to this ticket, ever |
Dismayed, but not really surprised, I posted a message sharing this experience to the Dropbox forum thread on 6th of June. Thankfully, a “drop boxer” responded and a new ticket was generated.
Dropbox Community Support Follow Up - Part 1
Finally, I received a response from the Dropbox support team on June 10th, and it asked me to acknowledge that it was me who requested help. I oblige and send a response saying “of course, here’s my response.” 4 days later, I receive a reply:
Kylie, Jun 14, 2021, 10:15 PM PDT:
…
Thank you for contacting Dropbox Support. My name is Kylie, and I will be assisting you today.
From my understanding, you are having difficulty accessing your Dropbox account.
Can you please send me a screenshot of the error message you see, so I can investigate further? If you have questions about how to take a screenshot on your device, please see the following: …
Dutifully, I’ve sent a screenshot of the message asking me for a 6-digit code, as well as reiterating that I cannot access my @live.com email anymore and there are no devices linked to the account.
One week later.
Kylie, Jun 21, 2021, 1:45 AM PDT:
…
Thank you for reaching out about this. There are a few different things we can try to help you sign back into your account. Please read through the options I’ve included in this email.
If you have a device that is currently linked to your Dropbox account, you can regain access through that device using the following steps:
- After attempting to log in with the expired password on the account, click “I can’t recover my account using this page”.
- You’ll see a prompt asking if you have a device linked to the Dropbox account. Click “yes” to proceed.
- You’ll then see a page with the button “Send notifications”. Please note that this will send notifications to all of your linked devices and mobile apps.
- Open the notification, which should take you to the Dropbox app.
- Click “details”. This will open up a browser or view, where you can enter a new email. You’ll receive a password reset link in your new email address’s inbox. After you’ve reset your password, your Dropbox account email will be switched to your new email.
If you are unable to receive a password reset email using the above method, then you will need to authenticate yourself manually. Please provide the following information:
- What is the email for the account you are trying to access?
- What is the full name on the account?
- When did you create the account?
- What city are you currently in?
- What city were you in when you last successfully logged into Dropbox?
- What is the name of a file that you have recently uploaded to Dropbox?
- What is the name of any person with whom you share a folder and what is the name of that shared folder?
- What is the name of any linked computer?
Looking forward to your response.
Kind Regards, Kylie
Finally, we’re getting somewhere! Ignoring that this is an obvious template which is asking me to do something that I’ve said I can’t do (use a logged-in device), I submit the necessary info for a manual authentication. Maybe, just maybe, this will be the end of this whole issue.
Another week passes. I receive an email stating that my ticket is being transferred to someone else. Whatever, I just want to get this over with.
A few hours later:
Ash, Jun 28, 2021, 2:18 AM PDT:
…
Thank you for contacting Dropbox. My name is Ash, part of the Enhanced Support team and I will be helping you today.
Thank you for providing that information.
We have been able to successfully identify you as the owner of the account, and have temporarily disabled the requirement to enter the one time verification code.
Please sign in, and immediately change your email address to one that you own.
Let me know if you have any issues.
Regards, Ash
Hooray! No more 6-digit codes! I can finally log in and re-experience my bootleg Minecraft worlds once again!
Oh. |
Now it says that my email or password is incorrect. Wut?
I let Ash know about this inconvenience.
Me, Jun 28, 2021, 2:27 AM PDT:
Hi Ash,
Thank you, but now the Dropbox website says that I’ve entered an invalid email or password, even though I’m entering the same ones as before. It also displays the following warning:
< screenshot of the error above >
I can’t reset the password as the warning says since I can’t log into …@live.com email address. Please help?
11 minutes later, Ash fires back with this banger:
Ash, Jun 28, 2021, 2:38 AM PDT:
…
Thank you for your response.
If you don’t have access to the email address registered to your Dropbox account and the password is not recognized, unfortunately we have no way to help you regain access to that account.
If possible, we recommend that you contact your email service provider to regain access to your email account and then you can request a password reset link for your Dropbox account.
For security reasons, it is not possible for us to manually transfer files from one account to another account.
If you need any further assistance, or if you have any other Dropbox questions, please just reply to this email, and I would be happy to help.
Regards, Ash
It’s a catch-22! Since my password was no longer recognized, I couldn’t prove that I’m the account owner, and thus Ash technically couldn’t help me anymore. I respond to this email as soon as I see it, explaining that I’m entering the same credentials as before, and that whatever he did caused it to stop being accepted.
The next few emails will be presented without commentary, so that you can experience the same level of pain that I’ve experienced:
Jun 28, 2021, 12:45:
I HAVE the password, read the ticket. You’ve just invalidated my password, hence it’s not being accepted anymore. Fix the issue that you’ve created instead of trying to weasel out of it.
Jun 28, 2021, 13:29:
I’ve triple-checked the password and I’m 100% certain that it’s correct. Whatever you did caused it to stop working. Below is a screenshot from 15th of June when I was still able to use it to log in:
< screenshot of the message asking for a code >
Please undo whatever you did and let me log into my account, Ash.
Jun 30, 2021, 11:23:
Please escalate this issue. My password was recognized before you started working on this ticket, and you’re refusing to undo your actions that caused it to become unrecognized.
As mentioned before, I can’t access this email, and Microsoft doesn’t provide any support for @live.com domains anymore. It’s impossible for me to regain access to …@live.com. I’ve attached my email conversation with Microsoft support from a previous Dropbox support ticket.
Jul 11, 2021, 5:13 PDT:
Ash, I just wanted to let you know that your support has been terrible. You’ve locked me out of my account, and now you’re plain ignoring my requests and refusing to do anything to solve this ticket. I’ll make sure to let others know that Dropbox is not a safe place to store files, seeing as it relies on the email as the only means of verifying identity, and the Dropbox support being almost entirely useless in access recovery matters.
I won’t be making another ticket to regain access to my account. This has been a pointless exercise in futility, and I’ve given way more information about myself to go through pointless manual verifications.
Dropbox Community Support Follow Up - Part 2 — Electric Boogaloo
I didn’t expect a reply after sending my last email. It felt obvious that this was an exercise in futility. However, my bottom-of-the-barrel expectations were slightly moved when I received a response one day later.
It was now Elise, making a half-hearted apology for “any inconvenience” and asking me to reply to the ticket, as my last message apparently generated a new one. I do the needful and wait for a response. Shortly after, Elise transfers it to Violet.
Violet, bless her heart, actually read the ticket and didn’t send me the same template that others did. The email asked for the same information that I’ve submitted before for a manual authentication, which is fine. It’s a different ticket, and security requirements can be like that sometimes.
I copy-paste the same information and send it off.
A day later, Violet confirms that I’m indeed the owner of the account and disables the one-time code requirement:
Violet, Jul 13, 2021, 6:23 AM PDT:
Thank you for providing that information.
We have been able to successfully identify you as the owner of the account, and have temporarily disabled the requirement to enter the one time verification code.
Please sign in, and immediately change your email address to one that you own.
Let me know if you have any issues.
Thank you for contacting Dropbox Support.
Regards, Violet
Armed with previous experience, I set my expectations low and try logging in again. No dice, I’m still being asked for a code. I let Violet know.
15 minutes later, Violet asks me to log in again. I oblige. Now I’m getting the famous “invalid email or password” error. An email with the screenshot is sent over for Violet to inspect.
Violet… Violet sends me this:
Violet, Jul 13, 2021, 6:53 AM PDT:
The error below looks like you’re entering the wrong password or email.
Please ensure you’re inputting the correct password to proceed.
Regards, Violet
I try my best to hold back any anger that I might’ve held at that time and let her know that I’m using a password manager.
I’m asked to use an incognito browser, but still, no dice.
Me, Jul 13, 2021, 8:43 AM PDT:
I just tried logging in using Edge in incognito mode to eliminate any potential issues, still getting the same error. Screenshot attached.
Violet attempts to crush any hope that I’ve had of regaining access:
Violet, Jul 13, 2021, 8:57 AM PDT:
It appears that the password you’re entering is incorrect.
At Dropbox, the security of your data is our highest priority. We use your email address to verify your ownership of a Dropbox account.
If you can’t access the email address you use for your Dropbox account, we can’t verify ownership of the account and can’t help you regain access.
There is no way for you to request a password reset as you do not have access to the email address.
If you create a new account, let me know if you’d like me to transfer your referral space from your old account to your new account.
At this point, I’m just tired of dealing with these people who I’m not even whether they’re real or are AIs using fake names. I point out that this isn’t supposed to be happening and that there’s obviously an issue with the Dropbox login system:
Me, Jul 13, 2021, 9:01 AM PDT:
Please understand that this is exactly what happened last time when Ash was helping me with this case and what you fixed when you started working on this case. This error started happening after you’ve sent me the message saying “Please try again, it should now work“.
I’m entering the same login details as at the start of the day. There’s obviously some issue within Dropbox that’s causing me trouble.
Please. I’m tired of going through this rigmarole. I want my files back.
Codename “Violet” reiterates its last message:
Violet, Jul 14, 2021, 2:17 AM PDT:
Hi …,
As previously mentioned, if you don’t have access to the email address registered to your Dropbox account and do not know the password, unfortunately we have no way to help you regain access to that account. If possible, we recommend that you contact your email service provider to regain access to your email account and then you can request a password reset link for your Dropbox account. For security reasons, it is not possible for us to manually transfer files from one account to another account.
Thank you for your understanding.
Regards, Violet
Dropbox Community Support Follow Up - Part 3 — New Hope
17th of November. It’s a nice Wednesday morning. I decide to try logging in again, just to wallow in regret and pity of blocky 3D worlds lost to a ginormous megacorp.
Suddenly, I realize that I’m being asked for a 6-digit code again! My password is no longer invalid, and that means that I can try my luck at beating Dropbox Support once again. I try to reopen the ticket:
Nov 17, 2021, 10:03:
Hi,
I’d like to reopen this ticket as I just managed to recall my password. I’m getting the following error:
< screenshot of the one-time code message >
Please fix this error so that I can log into my account. There’s no need to verify my identity again as that was already done in this ticket.
No response. Figures.
Meanwhile, I check the Dropbox Forums thread mentioned before. A few people also got a response from “box droppers”, but nobody seems to be getting anywhere either. One person needs photos from their account for a funeral, another lost their son’s baby and has photos stored in a Dropbox account that they can’t access due to this code check.
As succinctly put by “Candacejack”, “so many memories to be lost by the hands of people(s) making non-user friendly decisions at Dropbox.”
Someone called “Mark”, who is a “Super User II”, chimes in with the following:
@Candacejack I’m afraid Dropbox have publicly said that without access to the email address the account is unrecoverable. Thats probably why the tickets are being closed without reply - because they are sending the reply to the other email address. There is no way to verify who you are without your email.
Candacejack correctly points out that no other company would be so uncooperative with a simple matter such as losing access to your email address:
Hi @Mark which doesn’t make any sense…other apps give you the option to change your email - personal information etc., as long as you know your old email and password (phone# if applicable); These companies are smart enough to realize things like an email being hacked and needing to be closed or other valid reasons. Why can’t Dropbox do this? I know my old email and password, however, they expired it, this is their wrong doing that they need to fix. Dropbox really needs to be held accountable for ruining the trust people had in their app. I’m upset along with many others that can’t access their pictures or files. My children’s pictures from birth are on here, I have no other early memories. There has to be some sort of ladder or legal action someone can or has already taken? @Jay
Mark responds:
Unsure on legal action etc. but I do know that this is stated in the T&Cs - you need to have an active email account to use the system. If you dont then you cannot guarantee access.
There public statement on this is at : https://www.dropboxforum.com/t5/Dropbox-tips-tricks/I-lost-access-to-my-email-address-how-do-I-sign-in-to-my-Dropbox/m-p/512928
The link above does address a few common issues and solutions, but stops short at “contact your email service provider” if your password has expired.
When I saw this, I realized that there is a potential legal avenue for getting access to my account — GDPR. Specifically, the rectification procedure. What if I asked Dropbox to “correct” the email address for my account?
I send a new email to [email protected] using a template from datarequests.org:
Nov 17, 2021, 10:08:
To Whom It May Concern:
I am hereby requesting rectification or completion of inaccurate personal data concerning me according to Article 16 GDPR.
Please make the following changes:
- Update name to < my name >
- Update Email address to < my email address >
In case you have disclosed the affected personal data to one or more recipients as defined in Article 4(9) GDPR, you have to communicate my request for rectification of the affected personal data to each recipient as laid down in Article 19 GDPR. Please also inform me about those recipients.
My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.
As laid down in Article 12(3) GDPR, you have to confirm the rectification to me without undue delay and in any event within one month of receipt of the request.
I am including the following information necessary to identify me:
- Name: < my name >
- Email: < my old @live.com address >
If you do not answer my request within the stated period, I am reserving the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.
Thank you in advance.
One day later, Jack responds and provides instructions on how to update this info myself. I ask him to proceed with my rectification request. Another day passes.
Jack responds with a message that they’ve certainly sent to other people before, confirming my fears that GDPR might not be able to help me:
Thank you for your email.
Please note Dropbox has developed means for you to update your data yourself, and cannot verify your new email address on your behalf. You will need to follow the steps provided to update your information.
Dropbox has an obligation to take all reasonable measures to verify the identity of a data subject making a request, in particular in the context of online services and online identifiers. This means that when a user has chosen to use our service to protect their documents by storing them in a password-protected Dropbox account, we require them to log in using their chosen credentials in order to authenticate their ownership and update their information accordingly.
If you are having difficulty accessing your account, please let us know and we can assist you.
With my tail under my legs, I tell Jack that I am indeed having difficulty accessing my account, and attach a screenshot. Jack transfers the ticket to someone else.
I get a message from Leah, and they say this:
Based on the information provided, my understanding is that you are locked out from your Dropbox account because you no longer have access to the associated email. I am sorry about that, and I do understand that this can be frustrating. However, please, keep in mind that at Dropbox, the security of your data is our highest priority. We use your email address to verify your ownership of a Dropbox account.
There are a few different things we can try to help you sign back into your account. Please read through the options I’ve included in this email.
The options provided are exactly, one-to-one, same as what I’ve received when I first started this misadventure. Either use a logged-in device or submit information for a manual authentication. I chose the second option. Leah confirms that the info is correct and transfers the ticket once again.
You won’t believe what happens next!
Part 3.5 — Deja Vu
It is now 19th of November, and Nina picks up the ticket. I am once again verified as the true, honest to goodness owner of the account, and the one-time verification code check is claimed to be disabled.
Of course, it doesn’t work, and I receive an incorrect email or password error. I tell Nina about this, attach a screenshot, and preemptively confirm that the password is most definitely correct.
4 days pass. Nina asks me if I tried to reset my password when I saw the error, and asks for confirmation on whether I still need help. I’m starting to wonder if I’m talking to another AI, but proceed anyway.
Me, Nov 23, 2021, 1:24 AM PST:
Hi Nina,
I didn’t try resetting my password as I assumed this would require clicking a link sent to …@live.com, which I no longer have access to (as initially mentioned). Also, it’s asking me for a 6-digit code again.
I confirm that I still need assistance with logging in.
Another day passes, and Nina finally confirms my worst fear – Dropbox exclusively uses email to verify ownership. All of those manual authentications were designed to frustrate people into not responding. There is no way to recover my account.
Nina, Nov 24, 2021, 9:02 AM PST:
…
At Dropbox, the security of your data is our highest priority. We use your email address to verify your ownership of a Dropbox account.
If you can’t access the email address you use for your Dropbox account, we can’t verify ownership of the account and can’t help you regain access.
However, there are three possible ways to regain access to your files:
- Your email service provider may have a way for you to recover your email address. I recommend checking your email provider’s help resources to see if this is possible.
- If your password was expired by Dropbox for the security of your account, Dropbox support can assist.
- Your files may be available on a device connected to your Dropbox account.
“Expired passwords” — We occasionally expire passwords as a proactive security measure to protect your account. In this case, we can help you update your password.
However, we have tried to reset your password to gain access and this does not seem to be the case.
“Find your files” — If you’re unable to reset your password or gain access to your email account, you may still be able to access your files if you’re signed into Dropbox on a device. This could be your phone, tablet, or even a friend’s computer. If you’re signed in on any of these devices, you can transfer your files to a computer or to a new Dropbox account.
Note: Don’t use a public computer to follow these instructions. This will download your files to a public computer and compromise the security of your files.
On your smartphone: You can use the remote installation process to transfer your files to a new Dropbox account if:
- You’re signed in to Dropbox on your smartphone
- You have access to a computer
Follow these steps to remotely install Dropbox on your computer and regain access to your files:
Open the Dropbox application on your smartphone. Tap the “Settings” tab. Tap “Link a Computer.” Follow the instructions indicated on this flow. Once you scan the QR code, the Dropbox desktop application will download and all files in your Dropbox account will be available on this computer. You’ll automatically be signed in to your Dropbox account on your computer.
You can transfer the files to a new Dropbox account by unlinking and relinking the Dropbox desktop application to a new account:
a. On dropbox.com, choose to create a new account. b. Unlink your old Dropbox account, then relink your new one using the steps in this Help Center article:
https://www.dropbox.com/help/25
On your computer: If you’re signed in to the Dropbox application on your computer, your files should be available locally in your file explorer.
Click the Dropbox logo in your menu bar or system tray. Click the folder icon. Your local Dropbox folder should open. From there, you can copy your files into another folder.
You can transfer the files to a new Dropbox account by unlinking and relinking the Dropbox desktop application to a new account:
a. On dropbox.com, choose to create a new account. b. Unlink your old Dropbox account, then relink your new one using the steps in this Help Center article:
https://www.dropbox.com/help/25
If you create a new account, let me know if you’d like me to transfer your referral space from your old account to your new account.
Thanks, Nina The Dropbox Team
Part 4 — Despair
At this point, I’m looking for any way to keep this ticket going. I notice the following sentence: If your password was expired by Dropbox for the security of your account, Dropbox support can assist.
I point this out to Nina:
Me, Nov 24, 2021, 9:20 AM PST:
Hi Nina.
Thank you for taking the time to write such a detailed response. I saw this paragraph in your message, which I believe means that you can still help me with regaining access to my account:
“Expired passwords” — We occasionally expire passwords as a proactive security measure to protect your account. In this case, we can help you update your password.
However, we have tried to reset your password to gain access and this does not seem to be the case.
Are you sure about that? Go to haveibeenpwned.com, enter my email address (…@live.com) and you’ll see that it was in a mid-2012 Dropbox password leak (relevant news article: https://www.vice.com/en/article/78kevq/dropbox-forces-password-resets-after-user-credentials-exposed). Dropbox reset my password in August 2016 as it was a part of this leak.
Therefore,
However, there are three possible ways to regain access to your files: …
- If your password was expired by Dropbox for the security of your account, Dropbox support can assist.
Please assist me with regaining access to my account.
Nina responds shortly afterwards, saying that my password wasn’t expired. I call her bluff, as I’m certain that I haven’t logged into this account in ages, therefore it’s impossible that my password isn’t expired. Why else would Dropbox be asking for a one-time code?
Besides this, I also attach a conversation that I had with Microsoft Support, where they confirmed that they won’t help me recover my @live.com address, and ask Nina to not send me another template as a response.
Shockingly, Nina actually listens and confirms that she understands my situation. For once, I feel relieved.
Nina, Nov 25, 2021, 1:01 AM PST:
Thanks for coming back to me.
As previously mentioned, if you don’t have access to the email address registered to your Dropbox account and do not know the password, unfortunately we have no way to help you regain access to that account.
You have said you know your email and your password, however you do not have access to your email address.
We have deferred the 6 digit code for you a few times, yet you still have not been successful in logging into your Dropbox account because you are then receiving an error saying that the email or the password is incorrect.
I have advised you on how to reset your password but you have not done this as you believe you will need access to your email address in order to change the password.
The 6 digit code that we ask for sometimes would be an added security measure, and not specifically due to your password being expired.
Please try to log in again, this time continuing to changing your password, and send me a screenshot of what happens when you try to do this.
If this does not work for you, unfortunately there are no other ways we can help you to get access to your account as we have exhausted all options that we have for this process.
I apologise that I do not have a more favourable response. If you have any further queries then please do not hesitate to reach back out to me.
Kind regards, Nina The Dropbox Team
TL;DR I’m once again asked to send screenshots of what I’m experiencing.
Me, Nov 25, 2021, 1:11 AM PST:
Hi Nina,
Thank you for understanding my situation and not reciting another template, I really appreciate that.
We have deferred the 6 digit code for you a few times, yet you still have not been successful in logging into your Dropbox account because you are then receiving an error saying that the email or the password is incorrect.
Yes, I don’t know why this is happening but I presume there’s some glitch in the login system that’s doing that. I’m entering the same credentials every time.
Please try to log in again, this time continuing to changing your password, and send me a screenshot of what happens when you try to do this.
No problem, here are the screenshots of what I’m seeing when I try to log in and use the password changing link:
< screenshots >
If this does not work for you, unfortunately there are no other ways we can help you to get access to your account as we have exhausted all options that we have for this process.
Could you please escalate this? I’m certain that there’s a technical issue that’s preventing you from helping me with logging in, because why else would I be getting an invalid password error when I enter the correct password?
Nina comes back and asks me to click the “I can’t recover my account using this page” link that shows up when you press the “Click here to reset it” link. This link goes to a knowledge base article on Dropbox’s website.
I send a screenshot of the knowledge base article in a reply. I expect nothing. I ask myself – why am I even doing this anyway?
Perhaps there’s some deeper meaning to me weaving through the 7 layers of customer support hell, finding solutions to being stonewalled, and perseverance. I’m too tired to look for it though. I just wanted to re-experience my worlds one final time.
Part 5 - The End
(updated on 03/12/2021)
After posting this article to the forum thread mentioned above (and my comment subsequently being deleted, thanks mods!), my ticket finally got escalated to someone who is an “account security manager” at Dropbox, and after verifying my identity, they helped me with resetting the password. It’s unfortunate that I had to publish this entire article in order to be noticed by Dropbox and receive actual help, but it’s something, I guess.
For any companies that may be reading this, I hope this story highlights the importance of having a high-quality support department that understands the issues that your clients are having, and that are familiar with how the product operates. It’s not the day-to-day usage of your product, but the handling of edge cases and unexpected situations that truly separates reliable and trusted solutions from others.
The point I’ve made before still stands though, and it’s that you should stop using Dropbox. They don’t care about you or your files, all they want is your money. Move to any other service like Google Drive, or a self-hosted solution like Nextcloud. There are many alternatives to Dropbox, and they’re all better at preserving your files than Dropbox.