Loading…
Search the Dropbox Watchdog archive
Category
Sudden account suspensions, files held hostage over quota, automated support loops, and the absence of a human to appeal to.
For a service entrusted with people's most important files, the way Dropbox handles account problems has been a recurring source of anger. This section collects the documented patterns: accounts suspended or banned — sometimes by automated systems — that lock users out of all of their data with little explanation or appeal; the policy under which files exceeding a downgraded plan's quota become read-only and can eventually be deleted; the difficulty of reaching a human, with free and even paying users routed through automated help loops and slow ticket queues; billing and cancellation problems that support fails to resolve; and the practical impossibility, for many users, of recovering access or data once an account is flagged. These are not single dramatic incidents so much as a steady stream of individual disasters that reveal how little recourse a user has when the system decides against them.
Across multiple years, attackers have built convincing fake Dropbox login pages — reached via PDF lures and redirect chains through trusted cloud storage — to harvest victims' real business email and Dropbox credentials.
Because Dash can be downloaded and set up with 'no sales or IT required,' an individual employee can connect and index an organization's apps and browser history without administrator oversight — recreating the shadow-IT data-governance risk that earlier consumer Dropbox use posed to enterprises.
Dropbox Basic (free) users get no email, chat or phone support — only the help center and community forum. Even paying Plus and Professional customers must first pass through a Dropbox AI assistant before they can reach email or live chat.
Check Point recorded thousands of attacks in which criminals hosted credential-harvesting documents on Dropbox itself, so the phishing emails came genuinely from [email protected] and sailed past filters that trust the Dropbox domain.
If a user enables two-factor authentication and later loses their authenticator app, backup phone and emergency backup code, Dropbox support has told users it has no process to restore access — and the account, with all its files, is effectively lost.
Users widely report being charged after cancelling, billed on accounts they thought were closed, and unable to get Dropbox support to issue refunds — often resolved only after escalating to the BBB. The BBB has published a pattern alert tied to these complaints.
Dropbox can disable an account for policy violations — and when it does, all access to the account and its files is terminated at once. Users widely report being locked out with little explanation, and that some disablings are triggered by automated abuse-detection.
Dropbox deems a free account inactive after 12 months with no log-in or file activity; the account is then disabled and, after a further period, its files are deleted. Users widely report having data erased while assuming Dropbox was a safe long-term store.
Dropbox offers no legacy-contact or memorialization feature. To obtain a deceased person's files, the next of kin must generally produce a court order compelling disclosure — a slow, expensive barrier that leaves grieving families locked out of irreplaceable data.
If a Dropbox account exceeds its (often downgraded) storage quota, users may lose the ability to sync, upload, share, move or even preview files — and if it stays over the limit, Dropbox 'may delete files you own' to force the account back under quota.
When an account exceeds its quota, Dropbox can halt syncing — the core function users depend on — until they delete files or pay more, while the path to downgrade a plan or step back to free is comparatively buried, wrapped in loss warnings, and locked behind non-refundable annual terms.
Dropbox teams must always have at least one admin, but when a sole admin leaves, is offboarded, or loses access, the rest of the team can be locked out of administration — and recovering control or transferring ownership often requires a slow special support process.
Dropbox promises a one-business-day email response on paid plans, but users widely report tickets sitting for days, being marked 'solved' without a fix, or being told to use the volunteer community forum — with some getting traction only after filing a BBB complaint.
Dropbox sends one-time verification codes for new-device or unusual logins, but when the code goes to an outdated phone number or an inbox the user can no longer reach, legitimate owners report being unable to sign in — and the questionnaire-based recovery often fails.
A persistent class of complaints describes Dropbox files that sit indefinitely in a 'syncing' state and never finish, leaving users unsure whether their data was actually uploaded — in some reported cases for months, with support unable to resolve it.
When the full 2012 credential dump resurfaced in 2016, Dropbox forced a password reset on every user who had signed up before mid-2012 and never changed their password — a sweeping operational response that, for many, was the first sign anything was wrong.
During the August 2015 global outage, Dropbox's status page reported service restored while many users were still locked out — a documented gap between the company's stated status and the actual experience of its users.