Dropbox confirms security glitch--no password required

File storage start-up, which says it has more than 25 million users, says a "code update" allowed access to accounts without passwords for about four hours on Sunday.

Web-based storage firm Dropbox confirmed this afternoon that a programmer's error caused a temporary security breach that allowed any password to be used to access any user account.

The San Francisco-based start-up attributed the security breach to a "code update" that "introduced a bug affecting our authentication mechanism." Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said.

"This should never have happened," Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."

This afternoon's news is a significant embarrassment for Dropbox, which (despite not being located in Silicon Valley) appeared on a list of "20 Hot Silicon Valley Startups You Need To Watch," and which received a CNET Webware award in May 2009.

Dropbox had assured its users that "we use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure."

News of the snafu began to trickle out earlier on Dropbox's discussion forums--one thread was titled "Drop box web interface was WIDE OPEN for some time yesterday"--and through Twitter in a post by privacy advocate Christopher Soghoian.

In 2008, Dropbox received $7.2 million in funding from Sequoia Capital and other investors. The company claims to have more than 25 million users of its free service.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S chip controversy over battery life

Not all new iPhones have the same processor chip, but Apple says differences in performance are minimal. Apple also pulls ad-blocking apps over privacy concerns, and Netflix raises its price again.

by Bridget Carey