Earlier today, a code update to Dropbox introduced a bug that temporarily allowed access to users’ accounts and files without authentication via the company’s web interface. For approximately four hours, from the time that Dropbox made the changes until the service’s developers were able to correct the error, user accounts were accessible by merely typing in the email address associated with the account.
On their own blog, Dropbox said this should never have happened and that they are conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If they identify any specific instances of unusual activity, they will immediately notify the account owner.
If you’re concerned about any activity that has occurred in your account, you can contact them at firstname.lastname@example.org.
- Dropbox Cofounder & CTO Arash Ferdowsi responds to yesterday’s bug (dropbox.com)
- Major Security Flaw in Dropbox on Windows (pdark.de)
- Dropbox Encryption Faces FTC Complaint (flyingpenguin.com)
- Dropbox: Insecure by Design? (pcworld.com)