Security bug disables DropBox passwords

The other day we mentioned an openly available tool, Dropbox Reader, that is designed to circumvent security measures on your DropBox account. We are now hearing that over the weekend, no tool was needed to access DropBox accounts.

For a brief period of time, users could log into accounts using any password. You could just type in an email address, wing it with a password, and you were in. DropBox has confirmed this breach and states it left everything vulnerable from 1:54pm PDT to 5:46pm PDT this past Sunday (06/19/2011). The fix only took five minutes to put into place once DropBox became aware of the problem.

In a statement on DropBox's blog, the cloud storage service reports,

"We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at security@dropbox.com.

This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."

If you're a DropBox client, you may want to check your account to see if any files were accessed during the time frame or have gone missing. Changing your password might not be a bad idea either.

Glitches in security happen, but it sure does seem like DropBox has been snakebitten here lately.

source: TechCrunch via: Gizmodo



There are 4 comments.

1jaxstate1 says:

Nothing important in my dropbox. But this is a mess.

Light Speed1 says:

android's answer to wp7 skydrive integration turns out to be an unsecure JOKE? you don't say???

dtboos says:

I stopped using dropbox when I got my wp7 phone. I strictly use Skydrive and look forward to the full skydrive sync come fall.

w0qj says:

Good review – here is another cloud storage solution that is fully encrypted: With SugarSync, you get 5GB of cloud storage space with the FREE version, but now there is no restriction to the number of computers you can sync/backup (up from 2). It gives you the ability to upload and sync any folder on your computer. It is the only service that offers such a broad device and OS support with apps for BlackBerry, Android, iPhone/iPad, Symbian, not to mention your computer! You can also stream MP3 music files to your smartphone or computer. Also if you use the below referral code you get a bonus 500MB extra on top of your Free 5GB! https://www.sugarsync.com/referral?rf=tbtp0asbw9pt Hope it helps someone.