19.8.12

Dropbox Exposed Customer Data For Four Hours Yesterday

EDD Update: Dropbox Exposed Customer Data For Four Hours Yesterday

June 21, 2011

Security breach at Dropbox! The online file sharing service du jour disclosed that for four hours yesterday it accidentally made customer files accessible with any password. The company played this down by saying that "much less than 1 percent" of users logged in during that period and that the bug was fixed five minutes after Dropbox discovered it.
Problem is, Dropbox has 25 million customers. So a figure like "much less than 1 percent" -- even if it's only half of 1 percent -- is still 125,000 customers. Also, according to Dropbox, that five-minute fix didn't happen until the bug had been live for almost four hours.

How does a company's authentication system break for four hours, affecting tens or hundreds of thousands of customers, in the middle of the afternoon before the company realizes?

Attorneys would be well-advised to stop using Dropbox until the company improves its security policies and earns a track record of trust.

By Evan Koblentz at 10:04 AM