Dropbox security bug temporarily allowed logins without authentication
Earlier today, a code update to Dropbox introduced a bug that temporarily allowed access to users' accounts and files without authentication via the company's web interface. For approximately four hours, from the time that Dropbox made the changes until the service's developers were able to correct the error, user accounts were accessible by merely typing in the email address associated with the account.
"This should never have happened," Dropbox says on its blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."
TechCrunch notes that many Dropbox users store sensitive files using the service, and it's a sobering thought that such files were theoretically freely accessible by anyone for any period of time. Dropbox claims that less than one percent of users logged into the service while authentication was inadvertently optional, and it logged out all user sessions as a precaution.
This is not the first time concerns have been raised over possible security issues with Dropbox, but the fact that user accounts and files were accessible without authentication may mean that users looking for a secure online file storage system may want to look elsewhere when iCloud debuts this fall.
Deals of the Daymore deals
Software Updatesmore updates
- Agile Partners releases Lick of the Day 2.0
- Microsoft Office for Mac 2011 Update 14.3.4
- Pixelmator 2.2 available with over 100 new features and improvements
- DabKick for iPhone lets you share photos, watch videos and now listen to music in real-time
- Google Now added to search app on iPhone, iPad
- GateGuru for iPhone has been updated and greatly improved