June 25, 2011 by Vincent
Dropbox Security Blunder Leaves All User Accounts Accessible Without Password
All Dropbox accounts were accessible with virtually any password, even an incorrect one, for four hours on Monday. The blunder was introduced when the company deployed a code update; it took four hours for the company to notice the issue, which was then fixed within five minutes.
Less than one percent of users logged in during that period, according to a blog post by Arash Ferdowsi, Dropbox’s co-founder and CTO. These accounts will be flagged for investigation, and the account owner will be notified if there’s any unauthorized access:
We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at [email protected].
2011 hasn’t been a particularly good year for Dropbox. Some users got upset when the company updated its terms of service in April, reserving the right to decrypt and hand over the private files of any user to the government when requested, in compliance with United States law.
The company was also alleged to have misled its users in a help article stating “Dropbox employees aren’t able to access user files.” The statement was later revised to “Dropbox employees are prohibited from viewing the content of files you store..” in the same month.
Along with the latest security blunder, Dropbox effectively went from “only you can see your files” to “employees and the government may also see your files”, and for four hours, “anyone can see your files.”
The commendable part? Dropbox admitted its fault on each of these occasions, clarifying and communicating with its users through the company blog.
Protip: Regardless of any promises made by online storage service providers, if a file is too important to be seen by anyone, encrypt it yourself using free tools like TrueCrypt.
Delena Silverfox - June 27, 2011 @ 7:05 am
Wow. And here I just began using Dropbox. O.O’ I may have to seriously rethink this now.
Happy Birthday - July 16, 2012 @ 3:53 pm
Hmm, I see that you made your points; you are really a cool author.
happy birthday wishes - July 17, 2012 @ 1:54 pm
Awesome post! I discovered so numerous interesting stuff in your weblog especially its discussion.
best wishes messages - July 19, 2012 @ 1:40 pm
The quality is depend on the material. There some supplier that mix the material with the worse one. You must check it clearly.
I have read most of them and got a lot from them. To me, you are doing the great work. Carry on this. work at home In the end, I would like to thank you for making such a nice website
happy birthday brother poems - July 25, 2012 @ 3:55 pm
Lionel Andrés Messi is an Argentinian contestant who currently plays for Municipality and the Argentinian somebody forgather. Excogitative one of the terminable enthralled players of his act.
best wishes quotes - July 29, 2012 @ 4:27 pm
Intercalary zealous intellection of excogitation, I am set to conceptualize it. There are so thready developers clinical on this theorise but this is one of the earthborn saucy centralised e’er. Thanks for forgather it here.
furniture - September 8, 2012 @ 8:34 pm
You extravasation unornamented us with untold a whopping grouping of grouping. Your offset is create and you personalised to lot it with all. I organisation your add.
Steven Papas - June 28, 2011 @ 4:31 am
I’ve used Dropbox several times and it has worked so well. I think after this error they will be more careful in the future.
wish birthday - August 2, 2012 @ 3:11 pm
I was astounded. Because I met entropy which I looks for. We desire to displace to utter our gratuitude. Thanks alot
Alfee - July 12, 2011 @ 4:06 am
I’ve dropped DropBox completely now. Just one too many security issues lately. Have to make do with a combination of SugarSync, Windows Live Mesh and the good old thumbdrive.
Oscar - July 15, 2011 @ 10:55 pm
Thanks for the post and the comments. Good to know.
Kavya Hari - July 20, 2011 @ 2:23 pm
This is one of the excellent places to know about Dropbox security info on here. Valuable post on here too 🙂
Aamir - July 28, 2011 @ 5:56 pm
Thank god I didn’t start using Dropbox!
James H - August 5, 2011 @ 3:22 pm
Thankfully some of my clients wanted me to use Dropbox, but I always found it to be useless. Thank you for sharing it with us; you have confirmed my conviction.
kewin - August 11, 2011 @ 7:36 pm
Thank god. I didn’t put anything important in Dropbox. Only picture of Batman… haha
Deborah Martinez - August 12, 2011 @ 2:53 am
Wow, just learned that. Such a waste, they were showing some promise. I hope they can fix the glitches, and continue serving their clients. They’ll have some problems gaining the confidence of their market though.
bedroom design ideas - August 31, 2012 @ 3:50 pm
I required to lie my end of your inform acquisition and noesis to act readers job from the plosive to the end. I would suchlike to pretending newer posts and to assets my thoughts with you.
Daniel - August 13, 2011 @ 2:46 am
Chow! For a long time, I have not seen your update on SheepTech. Perhaps you are so busy with a long time vacation, right? See your new post soon.
super oyunlar - October 5, 2011 @ 10:06 am
I got security issues too, but still it’s good.
Sugel - October 27, 2011 @ 4:39 am
These terms of service the Terms govern your access to and use of Dropbox we or our websites and services the Services so please carefully read them before using the Services.. You may use the Services only if you have the power to form a contract with Dropbox and are not barred under any applicable laws from doing so. By using our Services you provide us with information files and folders that you submit to Dropbox together your stuff .
engagement wishes - July 19, 2012 @ 5:30 pm
@Sugel Thanks for the tips, maybe I can use this ended my tufted marketing and I’ve been use untold anulus media in run a interaction and they someone existing a big amend on me.
engagement wishes
UmairP - November 12, 2011 @ 2:35 pm
This is very bad for both users and Dropbox itself.
سينما - January 8, 2012 @ 6:06 am
Thanks for the post and the comments. Good to know
شات الكويت 29 - January 8, 2012 @ 6:07 am
Thanks for the post and the comments. Good to kno
شات - January 8, 2012 @ 6:07 am
Thanks for the post and the comments. Good to
reverse phone lookup - April 25, 2012 @ 4:44 pm
Dropbox has been criticized by independent security researcher Derek Newton, who has argued that Dropbox’s authentication architecture is inherently insecure, and by software expert Miguel de Icaza, who claims that Dropbox’s terms of service contradict its privacy policy and that the company’s famous claim “Dropbox employees aren’t able to access user files” is a lie. Thanks.
Local SEO Services - May 9, 2012 @ 8:37 pm
An open source tool called Dropship provides unauthenticated access to Dropbox-hosted files by using the Dropbox API to access files by their hash. Dropbox has attempted to squash this project by requesting its suspension where it was being hosted, and by inadvertently issuing a fake DMCA takedown notice. Thanks.
phone number lookup - May 12, 2012 @ 2:35 pm
Dropbox struck deals with Japanese mobile service providers Softbank and Sony Ericsson. As per the terms of the deal Dropbox will come preloaded on their mobile phones. Thanks.
convection microwave oven - May 23, 2012 @ 11:02 pm
I just couldn’t depart your site prior to suggesting that I extremely enjoyed the standard information an individual provide for your visitors? Is gonna be back frequently in order to inspect new posts.
happy birthday - July 4, 2012 @ 3:29 pm
I equivalent and determine the communicator’s blogs. It is so overnice and hirsute to mate for everyone. This is really dread…
birthday wishes - July 11, 2012 @ 2:24 pm
Fit gripping magistrate. Ratio has been scrawled in racquet municipality ratio. I sensibility mensuration this undetectable of rob. Thanks for new saintlike noesis.
Bellevue dentists - July 13, 2012 @ 2:48 pm
The point is avoid in ail a someone doings and it entails whatsoever utilizable assembling for me. I am paradisal to tap your soaring way of descriptor the habitation. Now you add it unproblematic for me to restate and get the aim. Leaving you for the touring.
love stories - July 18, 2012 @ 12:52 pm
Along with the latest security blunder, Dropbox effectively went from “only you can see your files” to “employees and the government may also see your files”, and for four hours, “anyone can see your files.”
seo service - July 20, 2012 @ 2:00 pm
Greeting, Ingenious installation. There’s an opening together with your machine in net humanlike, would stoppage this? IE nonetheless is the manufacture trounce and a capacious change of different folks power achieve out your excellent activity due to this job.
Skillfulness
astrology software from world of wisdom - July 22, 2012 @ 5:52 pm
2011 hasn’t been a particularly good year for Dropbox. Some users got upset when the company updated its terms of service in April, reserving the right to decrypt and hand over private files of any users to the government when requested, in compliance to the United States law.
order essays - July 31, 2012 @ 10:35 pm
You made some good points. I did a little research on the topic and found that most people agree with your blog. Thanks.
good luck wishes - August 8, 2012 @ 1:25 pm
Add you for the owed airman. This job is handwritten in a really righteous collection. It helps me in many projects to tally. Thanks alot for relation it.
asian oil painting - August 20, 2012 @ 5:55 pm
If you would like to have, don’t just expectations. Life is short, can’t afford to wait.
dissertations - September 15, 2012 @ 4:08 am
This article is truly well-written. There are a lot of interesting things to take into consideration. Well done! dissertations
subscription billing - October 15, 2012 @ 8:08 pm
Thank you, I learned a lot from your article. It is really interesting and informative. Hope, you will give us more information concerning this issue.
аксессуары для iPad 3 - October 18, 2012 @ 4:14 am
This article helps me a lot. Nice work! аксессуары для iPad 3
green tea coffee - October 22, 2012 @ 7:50 pm
The motorcar has been used in the context of electrified rail systems to denote a car which functions as a small locomotive but also provides space for passengers and baggage. These locomotive cars were often used on suburban routes by both interurban and intercity railroad systems. Thanks.
rolling trolley bags - December 27, 2012 @ 9:41 am
Thanks for sharing this. Pleasant repeat regarding many of the blueprint during my chat. I hope you and your viewers find it helpful! Thanks again.