Dropbox Security Blunder Leaves All User Accounts Accessible Without Password

Dropbox - Your stuff is safe

All Dropbox accounts were accessible with virtually any password, even an incorrect one, for four hours on Monday. The flaw was introduced when the company rolled out a code update; it took four hours to notice the issue, which was then fixed within the next five minutes.

Less than one percent of users logged in during that period, according to a blog post by Arash Ferdowsi, Dropbox’s co-founder and CTO. These accounts will be flagged for investigation, and the account owner will be notified if there’s any unauthorized access:

We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.

2011 hasn’t been a particularly good year for Dropbox. Some users got upset when the company updated its terms of service in April, reserving the right to decrypt and hand over any user's private files to the government when requested, in compliance with United States law.

The company was also alleged to have misled its users with a help article that stated “Dropbox employees aren’t able to access user files.” The statement was revised to “Dropbox employees are prohibited from viewing the content of files you store...” in the same month.

Along with the latest security blunder, Dropbox effectively went from “only you can see your files” to “employees and the government may also see your files”, and for four hours, “anyone can see your files.”

The commendable part? Dropbox admits its fault on each of these occasions, clarifying and communicating with its users through the company blog.

Protip: Regardless of any promises made by online storage service providers, if a file is too important to be seen by anyone, encrypt it yourself using free tools like TrueCrypt.

 


Comments

  1. Delena Silverfox - June 27, 2011 @ 7:05 am

    Wow. And here I just began using Dropbox. O.O’ I may have to seriously rethink this now.


  2. Steven Papas - June 28, 2011 @ 4:31 am

    I’ve used Dropbox several times and it has worked so well. I think after this error they will be more careful in the future.


  3. Alfee - July 12, 2011 @ 4:06 am

    I’ve dropped DropBox completely now. Just one too many security issues lately. Have to make do with a combination of SugarSync, Windows Live Mesh and the good old thumbdrive.


  4. Oscar - July 15, 2011 @ 10:55 pm

    Thanks for the post and the comments. Good to know.


  5. Kavya Hari - July 20, 2011 @ 2:23 pm

    This is one of the excellent places to know about Dropbox security info on here. Valuable post on here too :)


  6. Aamir - July 28, 2011 @ 5:56 pm

    Thank god I didn't start using Dropbox!


  7. James H - August 5, 2011 @ 3:22 pm

    Thankfully some of my clients wanted me to use Dropbox, but I always found it to be useless. Thank you for sharing it with us, you have confirmed my conviction.


  8. kewin - August 11, 2011 @ 7:36 pm

    Thank god. I didn't put anything important in Dropbox. Only picture of Batman… haha


  9. Deborah Martinez - August 12, 2011 @ 2:53 am

    Wow, just learned that. Such a waste, they were showing some promise. I hope they can fix the glitches, and continue serving their clients. They’ll have some problems gaining the confidence of their market though.


  10. Daniel - August 13, 2011 @ 2:46 am

    Chow! For a long time, I have not seen your update on SheepTech. Perhaps you are so busy with a long time vacation, right? See your new post soon.


  11. super oyunlar - October 5, 2011 @ 10:06 am

    I got security issues too. But still it’s good.


  12. Sugel - October 27, 2011 @ 4:39 am

    These terms of service the Terms govern your access to and use of Dropbox we or our websites and services the Services so please carefully read them before using the Services.. You may use the Services only if you have the power to form a contract with Dropbox and are not barred under any applicable laws from doing so. By using our Services you provide us with information files and folders that you submit to Dropbox together your stuff .


  13. UmairP - November 12, 2011 @ 2:35 pm

    This is very bad, for both: users and Dropbox itself.


  14. سينما - January 8, 2012 @ 6:06 am

    Thanks for the post and the comments. Good to know


  15. شات الكويت 29 - January 8, 2012 @ 6:07 am

    Thanks for the post and the comments. Good to kno


  16. شات - January 8, 2012 @ 6:07 am

    Thanks for the post and the comments. Good to


  17. reverse phone lookup - April 25, 2012 @ 4:44 pm

    Dropbox has been criticized by independent security researcher Derek Newton, who has argued that Dropbox’s authentication architecture is inherently insecure and by software expert Miguel de Icaza who claims that Dropbox’s terms of service contradicts its privacy policy and that the company’s famous claim dropbox employees aren’t able to access user files is a lie. Thanks.


  18. Local SEO Services - May 9, 2012 @ 8:37 pm

    An open source tool called Dropship provides unauthenticated access to Dropbox-hosted files by using the Dropbox API to access files by their hash. Dropbox has attempted to squash this project by requesting its suspension where it was being hosted, and by inadvertently issuing a fake DMCA takedown notice. Thanks.


  19. phone number lookup - May 12, 2012 @ 2:35 pm

    Dropbox struck deals with Japanese mobile service providers Softbank and Sony Ericsson. As per the terms of the deal Dropbox will come preloaded on their mobile phones. Thanks.


  20. convection microwave oven - May 23, 2012 @ 11:02 pm

    I just couldn’t depart your site prior to suggesting that I extremely enjoyed the standard information an individual provide for your visitors? Is gonna be back frequently in order to inspect new posts.


  27. order essays - July 31, 2012 @ 10:35 pm

    You made some good points. I did a little research on the topic and found that most people agree with your blog. Thanks.


  29. asian oil painting - August 20, 2012 @ 5:55 pm

    If you would like to have, don’t just expectations. Life is short, can’t afford to wait.


  30. dissertations - September 15, 2012 @ 4:08 am

    This article is truly well-written. There are a lot of interesting things to take into consideration. Well done! dissertations


  31. subscription billing - October 15, 2012 @ 8:08 pm

    Thank you, I learned a lot from your article. It is really interesting and informative. Hope, you will give us more information concerning this issue.


  32. аксессуары для iPad 3 - October 18, 2012 @ 4:14 am

    This article helps me a lot. Nice work! accessories for iPad 3


  33. green tea coffee - October 22, 2012 @ 7:50 pm

    The motorcar has been used in the context of electrified rail systems to denote a car which functions as a small locomotive but also provides space for passengers and baggage. These locomotive cars were often used on suburban routes by both interurban and intercity railroad systems. Thanks.


  34. rolling trolley bags - December 27, 2012 @ 9:41 am

    Thanks for sharing this. Pleasant repeat regarding many of the blueprint during my chat. I hope you and your viewers find it helpful! Thanks again.


  35. Happy Birthday - July 16, 2012 @ 3:58 pm

    great article! it is an eye opening to all. and i’m very much thankful that she wrote her experience for us to let know them respectively
