Oops: Dropbox Left All User Accounts Wide Open For Four Hours This Weekend
from the hacktastic dept
Dropbox’s security has been under increased scrutiny lately, after some security researchers claimed that some of its practices were questionable. So, it was probably the worst possible time for the company to have a “programmer’s error” that left all Dropbox accounts completely wide open to anyone for four hours on Sunday. Apparently, during that period, you could log into anyone’s account with any password. Just type in a random string of gibberish and you’re in. Not surprisingly, the company is apologizing and investigating how this happened. At the very least, it seems like a good reason to explore alternatives if you’re doing remote storage.
Of course, this also raises interesting points concerning the big question of “cloud” security. Many people have suggested that relying on some third party — such as Dropbox — is inherently insecure. However, that assumes that an individual who goes a different route would be able to create a more secure system on their own. I’m sure that’s true for some people, but it might not be the case for the everyday user. In the long run, you would hope that these remote service providers can implement stronger security, so that individuals don’t have to. But, in the short run, I wouldn’t be surprised to see more such stories of less-than-optimal security being exposed at these kinds of service providers.