Password fault leaves Dropbox accounts unprotected

An authorisation glitch in Dropbox's login system let anyone sign into customer accounts without a password.

The online syncing service is now sifting through its records to see which users may have been affected.

According to Dropbox, the fault was caused by a code update that introduced a bug affecting the authentication mechanism, which left the system open to abuse.

“During that period, a very small number of users (much less than 1%) logged in, some of whom could have logged into an account without the correct password,” said Arash Ferdowsi on the Dropbox blog. “As a precaution, we ended all logged in sessions.”

Dropbox said it was trawling through log records to try to identify which accounts might have been accessed by third parties.

“We’re working to gather additional data and continue to review logs for potentially unauthorised activity,” said Ferdowsi.

“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.”

Security experts have warned that the embarrassing error could pose a problem for business users who use the service to sync and share documents.

"The safety of a web link allowing you to share a file 'through the cloud' depends very strongly on who's able to access that link," said Paul Ducklin of security firm Sophos on the company blog.

"If anyone can download it, you run the risk of data leakage. And if anyone can access and modify it, you run the risk of something much worse," he said. "Unauthorised modification of your Dropbox data could propagate incorrect information throughout your digital world."

The fault is the latest security problem faced by Dropbox, which has been criticised by a security researcher for not offering full encryption.

This article originally appeared at pcpro.co.uk

Source: Copyright © PC Pro, Dennis Publishing
