Thursday, 23 June 2011

Dropbox Accidently Drops Passwords For Four Hours [News]

class="align-right" src="http://main.makeuseoflimited.netdna-cdn.com/wp-content/uploads/2011/06/dropboxsecuritythumb.jpg" alt="" />class="vt-p" href="http://www.makeuseof.com/tags/online-storage/">Online storage service class="vt-p" href="http://www.makeuseof.com/tag/5-applications-dropbox/">Dropbox recently confirmed that an error made it possible for users to access accounts without the correct password. All a user needed to know was the email address tied to the account he or she wanted to access, as any password – including a blank one – would allow access. The security flaw was introduced at 1:54 PM pacific daylight time and was live for nearly four hours before being patched at 5:46 PM. According to Dropbox, the problem was introduced into the authentication system during a code update.

The company stated that only 1% of its accounts were accessed during the security vulnerability’s window and that an investigation into the circumstances surrounding the error is now underway. Although the 1% figure doesn’t sound serious, Dropbox has about 25 million users, so this means that about 250,000 accounts were accessed while the issue was live.

class="aligncenter" style="border:1px solid black" src="http://main.makeuseoflimited.netdna-cdn.com/wp-content/uploads/2011/06/dropboxsecuritybug1.jpg" alt="" width="570" height="307" />

Flaws of this nature are a serious problem for Dropbox, as the service is used by many organizations (including MakeUseOf) to share information related to ongoing projects. The service has come under fire in recent months for a number of security related issues, including class="vt-p" href="http://www.makeuseof.com/tag/dropbox-accused-lying-users-data-security-news/">misleading statements about file encryption that eventually class="vt-p" href="http://www.pcworld.com/businesscenter/article/228018/dropbox_drops_the_ball_on_data_security.html">resulted in a formal complaint by the FTC.

There are a couple of things you can check to make sure that your Dropbox account was not compromised during those critical 4 hours.

  • First of all, check class="vt-p" href="http://www.dropbox.com/events">this page which goes into detail about all the recent activity in your Dropbox account. It will show you if someone has removed or added any files to your account without your knowledge and permission, as well as if any of your files were shared with anyone.
  • class="vt-p" href="http://www.dropbox.com/account">This page shows all the computers and mobile devices which are currently linked to your account.  See a computer or device you don’t recognize?  Or has one of your computers or mobile devices been removed? Then someone has probably accessed your account.  Boot them off and change your password immediately.

Source: class="vt-p" href="http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/">CNET

href="http://www.makeuseof.com/tag/dropbox-accidently-drops-passwords-hours-news/">Dropbox Accidently Drops Passwords For Four Hours [News] is a post from: href="http://www.makeuseof.com">MakeUseOf

More articles about: href="http://www.makeuseof.com/tags/dropbox/" title="dropbox" rel="tag">dropbox, href="http://www.makeuseof.com/tags/news/" title="news" rel="tag">news, href="http://www.makeuseof.com/tags/security/" title="security" rel="tag">security/>

Similar articles:

class="st-related-posts">
  • href="http://www.makeuseof.com/tag/dropbox-accused-lying-users-data-security-news/" title="Dropbox Accused Of Lying To Users Over Data Security [News] (May 16, 2011)">Dropbox Accused Of Lying To Users Over Data Security [News] (12 comments ...)
  • href="http://www.makeuseof.com/tag/twitter-adds-https-settings-enable-news/" title="Twitter Adds “Always Use HTTPS” To Settings, Enable It Now! [News] (March 16, 2011)">Twitter Adds “Always Use HTTPS” To Settings, Enable It Now! [News] (6 comments ...)
  • href="http://www.makeuseof.com/tag/sony-pictures-online-hacked-primitive-common-vulnerability-data-unencrypted-news/" title="Sony Pictures Online Hacked Using “Primitive and Common” Vulnerability, Data Unencrypted [News] (June 3, 2011)">Sony Pictures Online Hacked Using “Primitive and Common” Vulnerability, Data Unencrypted [News] (429 comments ...)
  • href="http://www.makeuseof.com/tag/sony-falls-prey-hackers-news/" title="Sony Falls Prey To Hackers – Again [News] (May 4, 2011)">Sony Falls Prey To Hackers – Again [News] (83 comments ...)
  • href="http://www.makeuseof.com/tag/security-issues-revealed-iphone-android-apps-news/" title="Security Issues Revealed In iPhone And Android Apps [News] (June 10, 2011)">Security Issues Revealed In iPhone And Android Apps [News] (0 comments ...)






    • Generated by BlogIt

    BlogIt - Auto Blogging Software for YOU!

    BlogIt - autoblogging software for YOU

    BlogIt - autoblogging software for YOU
    Posted by at
    Labels: , , , , , ,

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)