Slashdot Mirror


Dropbox Password Goof Let Any Password Work For 4 Hours

tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update, and accounts were only vulnerable from around 1:54 pm PST to 5:46 pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."

1 of 185 comments

  1. Re:Regression testing by gstoddart · Score: 4, Insightful

    Well, gee, that makes me feel good about their security...

    I've never treated Dropbox like it's secure. It's convenient for copying around files, but I wouldn't use it for anything sensitive.

    I think if you're aware of the fact that it's only *slightly* more secure than a public folder on a shared network and use it accordingly, you can still make use of Dropbox as a tool. Although, admittedly, my usage of it has diminished since I initially got it.

    --
    Lost at C:>. Found at C.