Sunday turned out to be a field day for miscreants, after Dropbox, the popular cloud-based file-hosting service accidentally turned off its password security system. The folly led to the accounts of all of its 25 million users’ being left open for public view for a good four hours.
The bug was introduced in the system, when Dropbox made a routine code update at 1:54PM Pacific Time, Sunday. However, it wasn’t until four hours hence, i.e. 5:41PM that the bug caught Dropbox's eye. In the four hours that the bug had to itself, it made sure that the accounts of each one of Dropbox’s 25 million users were made accessible to just about everyone. This means that, users could type in any random detail into the password box, and still be able to peek into someone else's account. The company’s blog post, however, claims that only a couple of the users’ accounts were tampered with, and that they are investigating the matter.
Security analysts believe that Dropbox’s system of storing encrypted data on their servers, instead of the users’ computer, made them vulnerable to such glitches. This incident comes after Christopher Soghoian, a Security Researcher raised doubts over the security assured by Dropbox to its users.