Web-based storage firm Dropbox has admitted that a programming error led to a temporary security breach that allowed any account to be accessed using any password, reports CNET News. According to Dropbox, the breach was attributed to a “code update” that “introduced a bug affecting our authentication mechanism.”
According to InformationWeek, Drop box says only “a very small number of users (much less than 1 percent)” were affected. Once discovered, the flaw only took five minutes to fix, but as a precaution, all logged-in sessions were ended.
This isn’t the first time Dropbox’s security has come into question. In May, University of Indiana Ph.D. and security researcher Christopher Soghoian filed a complaint with the Federal Trade Commission, claiming that Dropbox has been misleading users about the security and privacy of their files. Soghoian takes issue with Dropbox’s deduplication process, saying it makes it easy for outsiders to know what’s on Dropbox’s servers.