Dropbox allowed a major secuirty flaw to slip into their authorisation system briefly yesterday, allowing users into their accounts without the need to first enter a password, leaving Dropbox fans’ cloud stored files vulnerable to those not authorised to access them.
The problem occurred between 1.54 and 5.46 Pacific time yesterday, a time when less than one percent of the service’s users were active, according to Dropbox.
Arash Ferdowsi, Dropbox CTO and co-founder, had this to say in a blog post following the glitch.
“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at firstname.lastname@example.org.”
It’s another blow for Dropbox, who have recently been criticised for a lack of high-level security features for business users. At a time when Google, Amazon and Apple are all launching cloud storage models, Dropbox will have to work hard to regain the faith of their users.