Password fault leaves Dropbox accounts unprotected

An authentication glitch in Dropbox's login system let anyone sign in to customer accounts without a password.

The online syncing service is now sifting through its records to see which users may have been affected.

According to Dropbox, the fault was caused by a code update that introduced a bug affecting the authentication mechanism, which left the system open to abuse.

“During that period, a very small number of users (much less than 1%) logged in, some of whom could have logged into an account without the correct password,” said Arash Ferdowsi on the Dropbox blog. “As a precaution, we ended all logged in sessions.”

Dropbox said it was trawling log records to try to identify which accounts might have been accessed by third parties.

“We’re working to gather additional data and continue to review logs for potentially unauthorised activity,” said Ferdowsi.

“We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.”

Security experts have warned that the embarrassing error could pose a problem for business users who rely on the service to sync and share documents.

"The safety of a web link allowing you to share a file 'through the cloud' depends very strongly on who's able to access that link," said Paul Ducklin of security firm Sophos on the company blog.

"If anyone can download it, you run the risk of data leakage. And if anyone can access and modify it, you run the risk of something much worse," he said. "Unauthorised modification of your Dropbox data could propagate incorrect information throughout your digital world."

The fault is the latest security problem faced by Dropbox, which has been criticised by a security researcher for not offering full encryption.

This article originally appeared at pcpro.co.uk

Copyright © Alphr, Dennis Publishing