Wednesday, June 22, 2011

Dropbox Leaves Accounts Unsecured For Hours!


So on June 20th Dropbox made a little mistake. They unknowingly left some of their user accounts unsecured. This meant that for a few hours that day anyone could log into someone's account, and all they would need to know is that person's email address. They could log in with any password.

This bug was live on the Internet for four hours. That's a long time for personal account information to be at such risk. It doesn't make sense how such a large and fast-growing company can make such a serious mistake.

This is what Dropbox released on their blog:
Hi Dropboxers,
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.
We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.
This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.
-Arash


