BreachExchange mailing list archives
unconfirmed: Dropbox Left User Accounts Unlocked for 4 Hours Sunday
From: security curmudgeon <jericho () attrition org>
Date: Mon, 20 Jun 2011 21:09:09 -0500 (CDT)
[The incident is confirmed. If any private data was taken during this 4 hour window is unconfirmed. - jericho]

http://www.wired.com/threatlevel/2011/06/dropbox/

Dropbox Left User Accounts Unlocked for 4 Hours Sunday
By Ryan Singel
June 20, 2011

At a time when hackers are on a tear looting information willy-nilly from insecure sites on the Web, Dropbox did the unthinkable Sunday - it allowed anyone in the world to access any one of its 25 million customers' online storage lockers - simply by typing in any password.

Dropbox, one of the most popular ways to share and sync files online, says the accounts became unlocked at 1:54pm Pacific time Sunday when a programming change introduced a bug. The company closed the hole a little less than 4 hours later.

The bug was reported on Dropbox forums and on Pastebin (via security researcher Christopher Soghoian).

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/