1. Computing

Dropbox authentication gaffe exposes users’ files

By
dropbox-logo-large

Online storage service Dropbox—popular for its seamless mobile and desktop client software—accidentally disabled password authentication on its service for four hours yesterday. Although Dropbox says less than one percent of its 25 million accounts were accessed during that time, the gaffe does mean that all users’ content—potentially including email, documents, photos, videos, passwords, and more—were exposed to the whole Internet until Dropbox corrected the issue.

According to Dropbox CEO Arash Ferdowsi, Dropbox began rolling out a code change just before 2PM PDT on June 20 that exposed an issue in Dropbox’s authentication system that would enable logins without a correct password. Dropbox found the problem four hours later and severed all active connections to the service, re-instating normal authentication.

“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed,” Ferdowsi wrote. “If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.” The company says that all accounts logged in during the period should now have received an email message with additional security information.

The gaffe follows controversial changes to Dropbox’s privacy policy and re-statement of its content encryption process, which have sparked a complaint to the Federal Trade Commission. Dropbox has characterized the complaint as meritless.

Dropbox’s authentication failure highlights some of the risks of cloud-based storage: while users appreciate the convenience and elegance of Dropbox storage and being able to access it cleanly from a number of devices and services, the bottom line is that users are trusting their data to third parties, and operational glitches seem all too common the burgeoning cloud world.

Editors' Recommendations

What is Amazon Prime?

amazon prime cyber monday

Want to browse the web privately? Here’s how to do it for real

how to browse the web privately anonymous header

What is Audible? Amazon’s audiobook service explained

audible free trial

The best password managers for the iPhone

Apple iPhone 12 Pro

The best motherboards for 2021

Best Motherboards

The best laptop brands for 2021

best laptop brands

The best business laptops for 2021

The best browsers for privacy in 2021

stock photo of laptop on desk

The next generation of DDR memory is going to be insanely fast

ddr5 10000 ram teased sk hynix module

You won’t believe how cheap Dell refurbished computers are this weekend

refurbished dell computers deal april 2021 optiflex 7050 ffs

The most common Google Hangouts problems and how to fix them

Best desktop monitor deals for April 2021

Dell UltraSharp 27 4K PremierColor Monitor

Best cheap laptop deals for April 2021

sigma 20mm f14 art review macbook air 2020 1