Dropbox authentication gaffe exposes users’ files

By Geoff Duncan June 21, 2011

Image used with permission by copyright holder

Online storage service Dropbox—popular for its seamless mobile and desktop client software—accidentally disabled password authentication on its service for four hours yesterday. Although Dropbox says less than one percent of its 25 million accounts were accessed during that time, the gaffe does mean that all users’ content—potentially including email, documents, photos, videos, passwords, and more—were exposed to the whole Internet until Dropbox corrected the issue.

According to Dropbox CEO Arash Ferdowsi, Dropbox began rolling out a code change just before 2PM PDT on June 20 that exposed an issue in Dropbox’s authentication system that would enable logins without a correct password. Dropbox found the problem four hours later and severed all active connections to the service, re-instating normal authentication.

“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed,” Ferdowsi wrote. “If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.” The company says that all accounts logged in during the period should now have received an email message with additional security information.

The gaffe follows controversial changes to Dropbox’s privacy policy and re-statement of its content encryption process, which have sparked a complaint to the Federal Trade Commission. Dropbox has characterized the complaint as meritless.

Dropbox’s authentication failure highlights some of the risks of cloud-based storage: while users appreciate the convenience and elegance of Dropbox storage and being able to access it cleanly from a number of devices and services, the bottom line is that users are trusting their data to third parties, and operational glitches seem all too common the burgeoning cloud world.

Editors' Recommendations

Topics

Mobile
Web

Former Digital Trends Contributor

Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…

Business

The best cloud storage options to support your small business

If you've got limited physical hard drive space or you simply want to keep your files safely backed up elsewhere, cloud storage is a huge help. When it comes to small business, such data and files is even more valuable. After all, it's bad enough if you lose personal photos or information, but losing vital data in your business could cost you a lot of time and money, as well as potentially your reputation.

We've checked out the best cloud storage services for your small business, looking at what's best depending on the size of your company, as well as any potential requirements you might have for how your data is accessed such as end-to-end encryption or two-factor authentication. We've also looked at some cloud services which offer free storage for a limited time, or up to a certain amount of space. Products like Apple's iCloud service, OneDrive, and Google Drive often provide some free cloud storage to get you started with their services.

Photography

Adobe left millions of Creative Cloud user records exposed online

A hacker inputting code into a system.

Adobe Creative Cloud subscribers are being warned to keep a look out for phishing emails after it was discovered that data belonging to more than seven million accounts remained exposed online for about a week.

Adobe Creative Cloud is a suite of applications that subscribers pay a monthly fee to use. It includes Photoshop, Lightroom, Premiere Rush, Premier Pro, and Illustrator, among other software.

Computing

LG just knocked $300 off this 16-inch lightweight laptop

lg ultrapc 17 review front angled

For those people who are constantly on the go, grabbing a thin and light laptop makes life a lot easier, especially since they tend to weigh a lot less while also having very capable performance. Unfortunately, that does come at a bit of an extra cost, so we're happy to see this deal from LG on the UltraPC laptop that knocks it down to just $700 from its usual price of $1,000. That's an excellent price for a laptop that can outperform competitors at the same price range, even with the discounted price.

Why you should buy the LG UltraPC laptop
This new version of the Ultra PC is a big upgrade on the previous LG UltraPC laptop and follows the same lineup of LG's very thin laptops like the LG Gram 17, so LG has quite a lot of experience in this market. That's pretty obvious by the fact that the UltraPC has a tiny 0.64-inch thickness, making it thinner than many books. It doesn't lose out on other features, though, and it still comes with a pretty substantial 16-inch screen that runs a modified FHD resolution of 1920 x 1200, which may be a bit low for such a nice laptop, but it's not a dealbreaker if it helps keep the price down. The keyboard is also great to use, and while the previous version of the UltraPC had a comically small touchpad, this new one is a lot more substantial and useful.