Forgot your password?
typodupeerror
Cloud Bug Data Storage Security Hardware

Dropbox Password Goof Let Any Password Work For 4 Hours 185

Posted by timothy
from the you'll-find-we're-very-open-minded. dept.
tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."
This discussion has been archived. No new comments can be posted.

Dropbox Password Goof Let Any Password Work For 4 Hours

Comments Filter:
  • by james_van (2241758) on Tuesday June 21, 2011 @08:06AM (#36510856)
    Seriously, someone needs to have their head roll. Proper authentication is a.) the first thing I learned when doing web programming b.) reasonably simple to put in place c.) so damned important that even for a small website with nothing particularly sensitive, anyone who drops the ball on it should shown the door with swiftness. I really like Dropbox, but they've had some drama lately and I think it's time to look elsewhere
  • by Wuhao (471511) on Tuesday June 21, 2011 @08:14AM (#36510928)

    Not only was there a serious security issue here, but Dropbox customers are having to find out about this through blogs. Dropbox has yet to email its users about this issue. It claims on its blog that users who logged in during this time have been notified. I logged in during this time, and have received no notice.

    I am now leaving Dropbox. I need to review Wuala and Spideroak to see if they meet my needs, but I can safely say that this event and Dropbox's earlier behavior has demonstrated to me that they do not take the security and privacy of their customers seriously.

  • by gstoddart (321705) on Tuesday June 21, 2011 @09:05AM (#36511422) Homepage

    Well, gee, that makes me feel good about their security...

    I've never treated Dropbox like it's secure. It's convenient for copying around files, but I wouldn't use it for anything sensitive.

    I think if you're aware of the fact that it's only *slightly* more secure than a public folder on a shared network and use it accordingly, you can still make use of Dropbox as a tool. Although, admittedly, my usage of it has diminished since I initially got it.

  • by rubycodez (864176) on Tuesday June 21, 2011 @11:02AM (#36513086)
    bugs will happen, all the time. The problem here is that there are processes missing, management has failed. Your ideas of software development need to change, it is not a one-man-band.

Scientists will study your brain to learn more about your distant cousin, Man.

Working...