This past Sunday all Dropbox accounts were left wide open for around 4 hours, allowing anyone with an internet connection to access any one of its customers' online storage lockers. All you needed was the username: put in anything for a password and you had access to that user's files.
Dropbox is a free service used to share and sync files online. The accounts became unlocked at 1:54pm Pacific time on Sunday after a programming change introduced a bug. It took around 4 hours to fix the bug. The bug happened because of the security architecture that Dropbox uses: encryption and decryption are performed on Dropbox's servers, instead of on individuals' computers.
Dropbox says fewer than 1% of accounts were in use during that time (about 250,000 users) and it closed all of the open sessions to make sure that anyone who logged in with false credentials was cut off. Dropbox currently has about 25 million users.
Dropbox said they will continue their investigation to determine whether any accounts were improperly accessed and will notify users of any unusual activity.