If you logged in to your Dropbox account on Sunday, between 1.54pm PT and 5.46pm PT, you might not have noticed it but you could use any password to log into your account – or any account for that matter. Dropbox has confirmed this afternoon that a programmer’s error caused a temporary security breach that allows any user account to be accessed with any password.
The error was due to a code update that “introduced a bug affecting our authentication mechanism”, according to the company. Fortunately Dropbox was alerted of the problem immediately, which they fixed as soon as they could. The company issued an apology on its official blog, saying that they will be implementing additional safeguards to prevent it from happening again. However, if you’re worried that your files were accessed or compromised by other people, you can contact them at firstname.lastname@example.org.
This goes to show that even if you have a password combination that nobody can ever figure out without asking you, accounts can still be compromised. Ah, the wonders of cloud computing.
Next Story: T-Mobile blocks Google Talk Video Chat?
- 2014-04-13: Dropbox CEO Backs Condoleezza Rice's Board Appointment
- 2014-04-10: Internet Rallies Against Condoleezza Rice's Appointment To Dropbox's Board
- 2014-04-09: Dropbox Introduces Carousel Gallery
- 2014-03-28: Dropbox Acquires Social Reader Readmill
- 2014-03-18: Dropbox May Allow Users To Switch Between Work And Personal Accounts
- 2013-08-07: Google Chrome Carries Danger Of Exposing User Passwords
- 2013-04-02: Yahoo! Mail Teams Up With Dropbox For Easier Attachments
- 2012-08-27: Dropbox Beefs Up Security With Two-Step Verification
- 2012-04-04: 500MB Dropbox referral bonus ups the ante
- 2011-05-13: Dropbox isn't as safe as you thought