1. Computing

Dropbox authentication gaffe exposes users’ files

By
dropbox-logo-large

Online storage service Dropbox—popular for its seamless mobile and desktop client software—accidentally disabled password authentication on its service for four hours yesterday. Although Dropbox says less than one percent of its 25 million accounts were accessed during that time, the gaffe does mean that all users’ content—potentially including email, documents, photos, videos, passwords, and more—were exposed to the whole Internet until Dropbox corrected the issue.

According to Dropbox CEO Arash Ferdowsi, Dropbox began rolling out a code change just before 2PM PDT on June 20 that exposed an issue in Dropbox’s authentication system that would enable logins without a correct password. Dropbox found the problem four hours later and severed all active connections to the service, re-instating normal authentication.

“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed,” Ferdowsi wrote. “If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.” The company says that all accounts logged in during the period should now have received an email message with additional security information.

The gaffe follows controversial changes to Dropbox’s privacy policy and re-statement of its content encryption process, which have sparked a complaint to the Federal Trade Commission. Dropbox has characterized the complaint as meritless.

Dropbox’s authentication failure highlights some of the risks of cloud-based storage: while users appreciate the convenience and elegance of Dropbox storage and being able to access it cleanly from a number of devices and services, the bottom line is that users are trusting their data to third parties, and operational glitches seem all too common the burgeoning cloud world.

Editors' Recommendations

MSI Summit E13 Flip Evo review: A solid laptop at a stiff price

MSI Summit E13 Flip Evo sitting on table top.

The 100 best Android apps (September 2021)

best Android apps

The best iPhone apps (September 2021)

iOS 14 App Library

The best home security cameras for 2021

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

How to check your IMEI number on any phone

how to check your IMEI number

Apple MacBook Pro, Dell XPS 13 discounted — but hurry!

The M1-powered MacBook Pro on a coffee table.

Pokémon Unite comes to mobile with an all-new battle pass

Gengar wears a space-themed suit for Unite's mobile launch.

Venom: Let There Be Carnage — Everything we know about Sony’s sequel

Venom review

13 best tech deals you can shop today — including a cheap 70-inch 4K TV

The 70-inch TCL 70S430 4K TV, with several streaming services, shows, and movies displayed on the screen.

How to hide apps on an iPhone

How to Hide Apps on an iPhone

HP is having a surprise sale on laptops, monitors, and more today

The HP Pavilion x360 in laptop form.

This is the single best QLED TV deal you can shop today

A 60-inch Samsung QLED 4K TV with a landscape view on the screen.