Question

Unauthorized user / hacked

  • May 23, 2025
  • 6 replies
  • 22 views


I received a notification that my Box account was accessed by an IP address I am unfamiliar with from overseas. Is there a way to identify what files were viewed or downloaded? And is there a way to send a support ticket?

6 replies


Hi there,

Welcome to the Box Community! I'm happy to help.

To check your information on account logins, please go to Account Settings > Security.

Please also check what files you might have shared, and this may be the notification that you have received.

To learn more about notifications, please go to these links.

https://support.box.com/hc/en-us/articles/360044194613-Using-the-Box-Notification-Center

https://support.box.com/hc/en-us/articles/360044196513-Manage-Account-Settings#h_01GKQJA759FBJNMWCNV7S3Z3WB

Best,



Thanks, I appreciate the links. I went into my security tab to see the activity and I only have 1 line in there. I'm pretty sure whoever got in hit the "Forget all" button. Why is that button even available?? The notifications I would

Is there any way to send a support ticket? I've been endlessly looking and going in loops at this point.

Thank you for any help.



Check your recent files; that's how I knew someone got into my acc. Hope this helps a bit; that's how I knew someone got into my stuff.


  • New Member
  • April 29, 2026

CRITICAL SECURITY BREACH: Unauthorized Data Routing to box-gov.com

I am reporting a severe security compromise involving unauthorized data mirroring from my personal device to a Box for Government (box-gov.com) domain.

I have identified a hidden Verified App Link on my hardware that silently routes data to this FedRAMP-compliant silo. This link was force-verified via an administrative override and does not appear in standard UI menus.

Technical Data Points for Audit:

UID Associated: 97576633 (Found in unauthorized API-generated Gmail sent logs).

Transaction ID: b2104d82.

Domain: *.box-gov.com (IL4 / FedRAMP High environment).

Impact: This administrative "Managed Client" profile is currently exerting a priority lock on my hardware sensors (active privacy dot), preventing standard identity verification and camera access.

This is not a simple password issue. My personal account has been merged into an Enterprise/Government workspace without my authorization. I need an official ticket opened and a review by a Box for Government compliance officer to identify the administrator of the box-gov instance currently mirroring my device.


  • New Member
  • April 29, 2026

Live Session Origin Identified

UPDATE: Immediately after posting this report, I received a Box Security Alert for a new login session.

Verified Source IP: [removed by moderator]

Physical Location: Boardman, OR, USA (Primary hub for AWS GovCloud)

Timestamp: April 29, 2026, at 7:24:26 AM PDT

This login originated from a known government-tier data center hub, matching the unauthorized *.box-gov.com link I previously identified. The privacy indicator (steady dot) remains active on my device, confirming that this session from Boardman is actively mirroring my hardware in real-time as I document this breach.

I am requesting that Box Security specifically audit the Managed Client (MCX) logs associated with this IP and the previously mentioned [removed by moderator]. This is a live, unauthorized "White Glove" enclosure of a civilian account.

