Dropbox Security Bug Turns Off Passwords

The breach was attributed to a "code update" that "introduced a bug affecting our authentication mechanism."

By Kara Reeder | Posted Jun 22, 2011
Web-based storage firm Dropbox has admitted that a programming error led to a temporary security breach that allowed any account to be accessed using any password, reports CNET News. According to Dropbox, the breach was attributed to a "code update" that "introduced a bug affecting our authentication mechanism."

According to InformationWeek, Dropbox says only "a very small number of users (much less than 1 percent)" were affected. Once discovered, the flaw took only five minutes to fix, but as a precaution, all logged-in sessions were ended.

This isn't the first time Dropbox's security has come into question. In May, University of Indiana Ph.D. and security researcher Christopher Soghoian filed a complaint with the Federal Trade Commission, claiming that Dropbox has been misleading users about the security and privacy of their files. Soghoian takes issue with Dropbox's deduplication process, saying it makes it easy for outsiders to know what's on Dropbox's servers.
