Dropbox security bug temporarily allowed logins without authentication
Earlier today, a code update to Dropbox introduced a bug that temporarily allowed access to users' accounts and files without authentication via the company's web interface. For approximately four hours, from the time that Dropbox made the changes until the service's developers were able to correct the error, user accounts were accessible by merely typing in the email address associated with the account.
"This should never have happened," Dropbox says on its blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."
TechCrunch notes that many Dropbox users store sensitive files using the service, and it's a sobering thought that such files were theoretically freely accessible by anyone for any period of time. Dropbox claims that less than one percent of users logged into the service while authentication was inadvertently optional, and it logged out all user sessions as a precaution.
This is not the first time concerns have been raised over possible security issues with Dropbox, but the fact that user accounts and files were accessible without authentication may mean that users looking for a secure online file storage system may want to look elsewhere when iCloud debuts this fall.
Subscribe to Newsletter
Software Updatesmore updates
- Readdle rolls out PDF Expert 5: iCloud support, shared folder with Documents by Readdle
- FlightTrack 5: new look and features just in time for holiday travel
- HBO Go for iOS update adds Google Chromecast support
- Haiku Deck updates iPad app, launches web-based cloud version
- Weather Underground iPhone app gets crowdsourced weather, iOS 7 style
- Apple updates iMovie, adds support for older Macs