Dropbox Accidentally Drops Passwords For Four Hours [News]

Online storage service Dropbox recently confirmed that an error made it possible for users to access accounts without the correct password. All a user needed to know was the email address tied to the account he or she wanted to access, as any password – including a blank one – would allow access. The security flaw was introduced at 1:54 PM Pacific Daylight Time and was live for nearly four hours before being patched at 5:46 PM. According to Dropbox, the problem was introduced into the authentication system during a code update.

The company stated that only 1% of its accounts were accessed during the security vulnerability’s window and that an investigation into the circumstances surrounding the error is now underway. Although the 1% figure doesn’t sound serious, Dropbox has about 25 million users, so this means that about 250,000 accounts were accessed while the issue was live.


Flaws of this nature are a serious problem for Dropbox, as the service is used by many organizations (including MakeUseOf) to share information related to ongoing projects. The service has come under fire in recent months for a number of security-related issues, including misleading statements about file encryption that eventually resulted in a formal complaint by the FTC.

There are a couple of things you can check to make sure that your Dropbox account was not compromised during those critical 4 hours.

  • First of all, check this page which goes into detail about all the recent activity in your Dropbox account. It will show you if someone has removed or added any files to your account without your knowledge and permission, as well as if any of your files were shared with anyone.
  • This page shows all the computers and mobile devices which are currently linked to your account. See a computer or device you don’t recognize? Or has one of your computers or mobile devices been removed? Then someone has probably accessed your account. Boot them off and change your password immediately.

Source: CNET


6 Comments -

0 votes

Oth’niel Nethinim

Glad I did not store anything confidential inside…

0 votes

Franco Caorlini

My advice is to always use software such as TrueCrypt to store personal files in this kind of software as a service.

0 votes

Barney Durant

I think it is a great chance for 4shared Sync to be noticed by community coz they are really better than dropbox. 4Shared sync provides 15 Gb free storage space.

0 votes

Michael

Easier than Truecrypt (+ uses less space):

Just zip your documents folder. 7zip will let you encrypt the zipped folder with a password. Then log in to your Dropbox account and remove old (unencrypted) versions of your documents.
Tip: It may speed up your daily use if you sort your documents in sub folders and encrypt those instead of the main documents folder. I’d use the same password for all the zipped folders.

It only takes a few minutes to set up and then you don’t have to care about Dropbox security issues any more.

0 votes

Anonymous

Good article – here is another Cloud Storage solution that lets your computer fully encrypt your files before sending out:
With SugarSync, you get 5GB of cloud storage space with the FREE version, but now there is no restriction to the number of computers you can sync/backup (up from 2).
It gives you the ability to upload and sync any folder on your computer.
It is the only service that offers such a broad device and OS support with apps for BlackBerry, Android, iPhone/iPad, Symbian, not to mention your computer!
You can also stream MP3 music files to your smartphone or computer.

Also if you use the below referral code you get a bonus 500MB extra on top of your Free 5GB!

https://www.sugarsync.com/referral?rf=tbtp0asbw9pt

Hope this helps someone!