Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Password Goof Let Any Password Work For 4 Hours

Posted by timothy on from the you'll-find-we're-very-open-minded. dept.

tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."

3 of 185 comments (clear)

  1. Relax, it was only 4 hours. by Combatso · · Score: 5, Funny

    Relax honey, I only left our baby alone in the bathtub for four hours.
    Relax Mr. President, We only let our enemy control our nuclear arsenal for four hours
    Relax Japan, we have enough battery backup for the cooling system for four hours
    Relax Gulf Residents, it's only been spilling oil for four hours
    Relax Public, the serial killer has only been escaped for four hours
    Relax Columbine Parents, the killing spree and stand off only lasted for four hours

  2. Re:Regression testing by Nikker · · Score: 5, Funny

    This is Slashdot, the start tag was posted in 1999.

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  3. The Most Interesting Developer In The World by Kozz · · Score: 5, Funny

    I don't test my code. But when I do, I do it in Production,

    --
    I only post comments when someone on the internet is wrong.