Q-CERT team found a critical vulnerability that allows the attacker to bypass the two-factor authentication in the most popular file sharing service ”. Two Factor Authentication is an extra layer of security that is known as ‘multi factor authentication’ that requires not only a password and username but also a unique code that only user can get via SMS or Call. If an attacker already knows the username and password of the victim’s Dropbox account, it is still possible to hack that Dropbox account using following explained technique.
Source: https://thehackernews.com/2013/07/hacking-dropbox-account-vulnerability.html