Dropbox Authentication Bug

June 30, 2011

A message from Dropbox:

Hi Dropboxers,

Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.

We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.

This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.

Source - blog.dropbox.com/?p=821

Their final message reads:

Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse. According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts. Our team has been working tirelessly to review what happened and to make sure that it never happens again. At this point, we have contacted all these users and provided them more detail. We will continue to provide updates when available.

The comments on the blog page show that many users have lost confidence in the service after this short security lapse.

Comments include:

are you fucking kidding me?

and

WOW Dropbox! I'm switching to Sugar Sync! And after all the nice things I read on http://ikejhamb.com/blog/dropb…

Bad luck for Dropbox, although many of its users will probably never find out about this event.
