
Dropbox Sued Over Recent Password "Bug"

Source: Consumer Affairs

A Dropbox user in Los Angeles has filed a class-action lawsuit against the cloud storage company based on the service's recent security issue.

A class-action lawsuit was filed against Dropbox by one of its users in the U.S. District Court in San Francisco. The suit claims that the San Francisco-based company violated the California Unfair Competition Law while also adding charges of invasion of privacy and negligence. Additional details regarding the lawsuit were not given.

As reported last week, Dropbox introduced updated code into the backend that inadvertently turned off the service's authentication mechanism for approximately four hours. That meant user accounts were left wide open for anyone to gain access, as the accounts didn't require passwords during that timeframe. For those who store sensitive data in Dropbox, the possible exposure could have been devastating.

"This should never have happened," said Dropbox CTO Arash Ferdowsi in a blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us."

The lawsuit claims that Dropbox user Cristina Wong of Los Angeles didn't know about the security failure until days after the incident took place. She wasn't informed about the possible exposure through Dropbox itself, but instead from news outlets. In Dropbox's defense, the company said that it would only contact customers whose accounts were accessed during the 4-hour window. According to Ferdowsi, only 1 percent of its user base actually accessed their accounts.

"Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse," Ferdowsi said at the time. "According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts."

The lawsuit notes that Dropbox actively encourages its users to store sensitive and personal data in its virtual cloud because of the service's superior security. The company itself even claims that more than 25 million people have joined Dropbox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad.

Based on the available details surrounding the lawsuit, the biggest issue seems to be that Dropbox didn't inform every user of the security issue, but instead chose to offer an update in a blog. So far Dropbox hasn't issued a statement in regard to the current lawsuit.

There are 22 Comments.
Other Comments
  • 2
    Ragnar-Kon , June 29, 2011 2:30 AM
    ...instead from new outlets...


    news*

    Being a Dropbox user... I had no idea this even happened until now.... interesting.
  • 0
    amdwilliam1985 , June 29, 2011 2:33 AM
    Knew that coming.

    Living the "American Dream", suing [anything/anyone] to become rich :) 
  • 0
    dalethepcman , June 29, 2011 2:41 AM
    Sadly only the attorneys get rich in cases like this.
  • 3
    RazberyBandit , June 29, 2011 2:41 AM
    ^ Class-action suits rarely result in any single party getting rich. The last one I could have taken part in would have netted me a whole $2 and change - not worth the stamps.
  • -2
    jdog2pt0 , June 29, 2011 2:45 AM
    People are getting more pathetic by the day. Maybe I should become an attorney.
  • 4
    hoof_hearted , June 29, 2011 2:47 AM
    And this is why I will never embrace this overhyped of late "cloud". Also with the recent security breaches on various gaming companies and such, I can't understand this big push to keep more of our data externally.
  • 3
    aje21 , June 29, 2011 2:50 AM
    Not sure the maths are right here: one percent of 25 million is more than "fewer than a hundred".
  • 0
    sliem , June 29, 2011 2:51 AM
    JDog2pt0 wrote: People are getting more pathetic by the day. Maybe I should become an attorney.


    No, don't. You'll end up in Hell where they all belong.
    Hahaha.
  • -2
    bison88 , June 29, 2011 3:27 AM
    Just another troll trying to profit off of a piss poor mishap that SOMETIMES happens when you're dealing with that many users and a complex code and system as DropBox. Sure points were proven but the person doesn't really give a damn. Just trying to get some headlines (which they've now done) and collect a few shillings.
  • -2
    shanky887614 , June 29, 2011 3:36 AM
    why don't these stupid people think, encrypt your data before you upload

    i don't know about you but i wouldn't hand my phone switched on to be put in the safe, why because the person putting it in the safe/ anyone with access or a potential thief has access to it

    how stupid can you get
  • 0
    pcworm , June 29, 2011 3:41 AM
    damn it
    ferdowsi, not ferdowski
    you used both names in the article
  • 0
    jcoultas98 , June 29, 2011 3:52 AM
    Screw that, Dropbox was smart. Could you imagine having 25 million users try to call the hotline at once? Instead, they did the research, found out who was affected, made sure they got taken care of. They basically avoided mass panic. Tell Ms. Wong where to shove her eggroll.
  • 2
    fir_ser , June 29, 2011 3:54 AM
    This should make other companies that offer cloud based services to be more careful in the future.
  • 1
    mdillenbeck , June 29, 2011 4:11 AM
    Wait... who puts sensitive data on a dropbox share?!? (...or any other cloud service for that matter.) Sometimes the burden of due diligence lies with the individual.
  • 1
    alidan , June 29, 2011 5:06 AM
    amdwilliam1985 wrote: Knew that coming. Living the "American Dream", suing [anything/anyone] to become rich

    businesses don't give a DAMN about people, they care about money. go on, when was the last time you got change from a nicely written email? you get change when you kick them in their wallets.

    a class action isn't about getting money, it's about getting change and being damn sure that the lawsuit won't go away without publicity and won't be paid off.
  • 0
    RogueKitsune , June 29, 2011 6:06 AM
    There is almost nothing confidential in my DropBox, and what little there is in there is in encrypted and passworded archives. The reason I do this is because s*!t happens, and if you don't have backup plans you are out of luck
  • 1
    _Cubase_ , June 29, 2011 6:14 AM
    Another win for the cloud! ...not.
  • 0
    palladin9479 , June 29, 2011 10:51 AM
    Uhh huu, sure, store your data in "the cloud" where it's "safe". Eventually people will realize that trusting someone "else" with your sensitive data makes as much sense as trusting someone "else" with your bank account, house keys and full power of attorney. You better damn well know how they are and have some sort of legal protection from them abusing that trust. None of that is present in the current "cloud" services.
  • 0
    Humans think , June 29, 2011 6:36 PM
    The only good thing that Dropbox did is that they actually admitted that they made a mistake and they didn't use the hack attack as a scapegoat. Nevertheless companies that store people's data in the cloud should be sued when they make mistakes or neglect security. I really think that strong laws should be made that make clouds so hard to implement that they will go extinct. But that's just me, I guess...

    The other thing is that when personal data leaks happen on the web the punishment seems disproportionately smaller than for the ones that happen the traditional way even though the leaks are larger in numbers...
  • 0
    chaos133 , June 29, 2011 6:39 PM
    This is the reason why I don't trust the cloud for sensitive data.