Dropbox mistake allows login without password
Looks like a glitch in Dropbox's authorisation system briefly allowed users to login without a password, exposing accounts to unauthorised entry.
Between 1.54 and 5.46 pm Pacific time yesterday accounts were left totally vulnerable to password free entry.
A post on the Dropbox blog from Arash Ferdowsi explains that the backup service is currently looking into users accounts to see who may have been affected.
"We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at firstname.lastname@example.org."
Dropbox explained that less than one per cent of users were active during the period of time that accounts were exposed. It has also said that those affected should have been emailed activity related details for review.
The backup service has been criticised recently for its lack of proper security for business users. Facebook experienced a similar authentication error last year, one that led to the eventual hacking of Mark Zuckerberg's own account.
Got an email from Dropbox? We want to know!