Saturday, June 25, 2011

Dropbox Breach: Fewer Than 100 Accounts Affected, But One Person Actively Exploited Security Hole

It's been an incredibly rough week for Dropbox. On Monday, news broke that a bug in the service's authentication software effectively made passwords optional for around four hours over the weekend, meaning that you could log into anyone's account simply by entering their user name. Given what Dropbox is used for (namely, syncing your most important files between computers), that's a huge deal. Especially since the service has promoted its security features as one of its selling points.

At the time Dropbox said that "much less than 1 percent" of users could have potentially been affected. Now we've obtained an email that Dropbox sent out this afternoon to users who were affected by the breach and it's much more specific. First, the good news: the scale of the attack affected "fewer than a hundred accounts". But according to the letter, those accounts were all accessed by a single individual. In other words, these weren't accidental logins due to typos: someone discovered the hole and actively used it to access files that were not theirs. That's obviously very alarming.
