Dropbox security bug temporarily allowed logins without authentication
Earlier today, a code update to Dropbox introduced a bug that temporarily allowed access to users' accounts and files without authentication via the company's web interface. For approximately four hours, from the time that Dropbox made the changes until the service's developers were able to correct the error, user accounts were accessible by merely typing in the email address associated with the account.
"This should never have happened," Dropbox says on its blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."
TechCrunch notes that many Dropbox users store sensitive files using the service, and it's a sobering thought that such files were theoretically freely accessible by anyone for any period of time. Dropbox claims that less than one percent of users logged into the service while authentication was inadvertently optional, and it logged out all user sessions as a precaution.
This is not the first time concerns have been raised over possible security issues with Dropbox, but the fact that user accounts and files were accessible without authentication may mean that users looking for a secure online file storage system may want to look elsewhere when iCloud debuts this fall.
Subscribe to Newsletter
Software Updatesmore updates
- Daily App: MyScript Calculator solves your hand-written math equations
- Findery app lets you discover the world around you using annotated notes and maps
- The Learnist app brings its crowd-sourced collection of information to your iPhone
- My cat Cinnamon reviews Friskies Cat Fishing 2
- Photo Grid Collage Maker is capable and free
- iExit gets new features and is now free