Dropbox, the file sharing and synchronization service which has been receiving rave reviews over the past months, has been battered and bruised this week after it was disclosed on Monday that passwords were optional for about 4 hours.
This means that, for a service that promotes its value both for security as well as convenience by letting users access their most important files anywhere, anybody who wanted to could do just that – access your most important files with just your username and no password. Dropbox explained on Monday that the breach potentially affected much less than one percent of users.
Dropbox sent out an email yesterday afternoon providing more detail about the security breach, disclosing that less than one hundred accounts were affected but these were all accessed by the same person. This means that someone discovered that passwords were not required, then deliberately logged onto the affected accounts, to access files that were not theirs.
Dropbox did not comment further on the security breach, so it is not known whose accounts were accessed.