
Startling security lapse at Dropbox

21 Jun 2011

Dropbox is a popular cloud-based backup, storage and transfer service.

The company behind Dropbox made a startling admission on its blog today: for four hours, its service effectively had little or no privacy.

Here is what the company said:

"Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions. We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com. This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."

Since the event, hundreds of users have flamed the company on its blog. Read the full comments here.