Dropbox password glitch leaves user accounts open
June 24, 2011
On Monday 20th June, a programmer’s error in a code update at Dropbox caused a temporary security breach that allowed any password to be used to access any user account. Between 21:54 on Sunday and 01:46 on Monday, the bug affected the authentication mechanism and allowed open access to users’ Dropbox data.
“This should never have happened,” Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. “We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.”
The issue was raised on Dropbox’s forums and spread through Twitter.
Back in May, I highlighted some Dropbox issues and suggested where possible that Dropbox users pre-encrypt their data before uploading to the Cloud… This issue further strengthens this suggestion.