Dropbox Accidently Drops Passwords For Four Hours [News]

Ads by Google

Online storage service Dropbox recently confirmed that an error made it possible for users to access accounts without the correct password. All a user needed to know was the email address tied to the account he or she wanted to access, as any password – including a blank one – would allow access. The security flaw was introduced at 1:54 PM pacific daylight time and was live for nearly four hours before being patched at 5:46 PM. According to Dropbox, the problem was introduced into the authentication system during a code update.

The company stated that only 1% of its accounts were accessed during the security vulnerability’s window and that an investigation into the circumstances surrounding the error is now underway. Although the 1% figure doesn’t sound serious, Dropbox has about 25 million users, so this means that about 250,000 accounts were accessed while the issue was live.

Flaws of this nature are a serious problem for Dropbox, as the service is used by many organizations (including MakeUseOf) to share information related to ongoing projects. The service has come under fire in recent months for a number of security related issues, including misleading statements about file encryption that eventually resulted in a formal complaint by the FTC.

There are a couple of things you can check to make sure that your Dropbox account was not compromised during those critical 4 hours.

  • First of all, check this page which goes into detail about all the recent activity in your Dropbox account. It will show you if someone has removed or added any files to your account without your knowledge and permission, as well as if any of your files were shared with anyone.
  • This page shows all the computers and mobile devices which are currently linked to your account.  See a computer or device you don’t recognize?  Or has one of your computers or mobile devices been removed? Then someone has probably accessed your account.  Boot them off and change your password immediately.

Source: CNET

Ads by Google
Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Awesome Websites
Awesome Websites
1214 Members
Best Anonymity Tools
Best Anonymity Tools
891 Members
Deep Web Communities
Deep Web Communities
642 Members
Online Security Tips
Online Security Tips
399 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
386 Members
Best Music Services
Best Music Services
260 Members
Affiliate Disclamer

This article may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In