If you logged in to your Dropbox account on Sunday, between 1.54pm PT and 5.46pm PT, you might not have noticed it but you could use any password to log into your account – or any account for that matter. Dropbox has confirmed this afternoon that a programmer’s error caused a temporary security breach that allows any user account to be accessed with any password.
The error was due to a code update that “introduced a bug affecting our authentication mechanism”, according to the company. Fortunately Dropbox was alerted of the problem immediately, which they fixed as soon as they could. The company issued an apology on its official blog, saying that they will be implementing additional safeguards to prevent it from happening again. However, if you’re worried that your files were accessed or compromised by other people, you can contact them at firstname.lastname@example.org.
This goes to show that even if you have a password combination that nobody can ever figure out without asking you, accounts can still be compromised. Ah, the wonders of cloud computing.
Next Story: T-Mobile blocks Google Talk Video Chat?