Dropbox update nullifies passwords

By on
Dropbox update nullifies passwords
Johnny Magnusson, public domain

Company claims 1 percent of users logged in during bungle.

Private details of some of Dropbox's 25 million users were exposed overnight after a bungled code update nullified account password security.

The glitch allowed accounts on the free cloud storage system - ostensibly protected by "military" security systems - to be accessed with any password.

Accounts were exposed for up to four hours, although the glitch was fixed in less than five minutes after it was reported by several users including security researcher Christopher Soghoian.

Dropbox co-founder Arash Ferdowsi said less than 1 percent of users - about 250,000 - had accessed accounts while the passwords were exposed.

"Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism," Ferdowsi wrote in a blog post today.

"A very small number of users logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions."

Ferdowsi said the company is conducting an investigation and will notify affected users.

"This should never have happened. We are scrutinising our controls and we will be implementing additional safeguards to prevent this from happening again."

Soghoian, who previously attacked Dropbox's claims that it uses military-strength security, was alerted to the breach through an email from an unnamed user.

The breach comes on the heels of the publication of a forensic tool developed to help investigators crack Dropbox accounts.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?