Dropbox Security Bug – Users Could Access Account Without Password

Dropbox LogoCloud based file storing service Dropbox messed up its access controls, reports sophos. Unlike the majority of data breaches reported – where usernames and passwords were stolen, allowing attackers and miscreants to access other people’s accounts illegally – Dropbox’s “hack” was of a more embarrassing sort.

According to Dropbox blog, they have made a code update that introduced a bug affecting Dropbox’s authentication mechanism. This bug has been discovered four hours later and fixed immediately. During that period period, users could have logged into an account without knowing the correct password. So you could log in to other people’s accounts without knowing their passwords at all.

Dropbox isn’t alone in having made this sort of mistake. Facebook did something similar last year, leading to Mark Zuckerberg’s own fan page being hacked.

[advt]Unauthorised access to your Dropbox data could give cybercrooks an enormous amount of information about your life, your plans and your identity. And unauthorised modification of your Dropbox data could propagate incorrect information throughout your digital world. Dropbox did well to fix the problem within four hours, and to admit this openlyon its blog.

Dropbox can automatically synchronise your own files between all your various devices, such as your desktop PC, your Mac laptop and your smartphone. Read More about Dropbox.

Be the first to comment

Leave a Reply