Egregious Dropbox Authentication Bug Yesterday

Yesterday I saw this report from Christopher Soghoian, alleging that for a period of time yesterday, anyone was able to log into any Dropbox account using any password. It struck me as too astounding to be true.

Alas, it was true, and the hole was open for over four hours. Everything appears to be working properly now, but I suggest all Dropbox users check their account events log.

Tuesday, 21 June 2011