This morning a post on Pastebin outlined a serious security issue that was spotted at Dropbox: for a brief period of time, the service allowed users to log into accounts using any password. In other words, you could log into someone's account simply by typing in their email address.�Given that many people entrust Dropbox with important data (one of the service's selling points is its security), that's a really big deal. We've now confirmed with Dropbox that the service did have this issue yesterday ?�Dropbox says that it began after a code push at 1:54 PM PDT and was fixed at 5:46 PM PDT (they had the fix live five minutes after they discovered it). So, in total, the bug was live for around four hours.
Source: http://feedproxy.google.com/~r/Techcrunch/~3/PxeiLYEnIIQ/
No comments:
Post a Comment