Dropbox Exposed Customer Data For Four Hours Yesterday
Security breach at Dropbox! The online file sharing service du jour disclosed that it accidentally made customer files accessible by using any password for four hours yesterday. The company played this down by saying that "much less than 1 percent" of users logged in during that period and that the bug was fixed five minutes after Dropbox discovered it.
Problem is, Dropbox has 25 million customers. So a figure like "much less than 1 percent" -- even if it's only half of 1 percent -- is still 125,000 customers. Also, according to Dropbox, that five-minute fix didn't happen until the bug had been live for almost four hours.
How does a company's authentication system break for four hours, affecting tens or hundreds of thousands of customers, in the middle of the afternoon before the company realizes?
Attorneys would be well-advised to stop using Dropbox until the company improves its security policies and earns a track record of trust.