Dropbox Sued Over Recent Password "Bug"
A Dropbox user in Los Angeles has filed a class-action lawsuit against the cloud storage company based on the service's recent security issue.
A class action lawsuit was filed against Dropbox by one of its users in the U.S. District Court in San Francisco. The suit claims that the San Francisco-based company violated the California Unfair Competition Law while also adding charges of invasion of privacy and negligence. Additional details regarding the lawsuit were not given.
As reported last week, Dropbox introduced updated code into the backend that inadvertently turned off the service's authentication mechanism for approximately four hours. That meant user accounts were left wide open for anyone to gain access, as the accounts didn't require passwords during that timeframe. For those who store sensitive data in Dropbox, the possible exposure could have been devastating.
"This should never have happened," said Dropbox CTO Arash Ferdowsi in a blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us."
The lawsuit claims that Dropbox user Cristina Wong of Los Angeles didn't know about the security failure until days after the incident took place. She wasn't informed about the possible exposure by Dropbox itself, but instead by news outlets. In Dropbox's defense, the company said that it would only contact customers whose accounts were accessed during the 4-hour window. According to Ferdowsi, only 1 percent of its user base actually accessed their accounts.
"Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse," Ferdowsi said at the time. "According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts."
The lawsuit notes that Dropbox actively encourages its users to store sensitive and personal data in its virtual cloud because of the service's superior security. The company itself even claims that more than 25 million people have joined Dropbox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad.
Based on the available details surrounding the lawsuit, the biggest issue seems to be that Dropbox didn't inform every user of the security issue, but instead chose to offer an update in a blog. So far Dropbox hasn't issued a statement regarding the current lawsuit.
"...instead from new outlets..."
news*
Being a Dropbox user... I had no idea this even happened until now.... interesting.
Knew that coming.

Living the "American Dream", suing [anything/anyone] to become rich
Sadly only the attorneys get rich in cases like this.
^ Class-action suits rarely result in any single party getting rich. The last one I could have taken part in would have netted me a whole $2 and change - not worth the stamps.
People are getting more pathetic by the day. Maybe I should become an attorney.
And this is why I will never embrace this overhyped of late "cloud". Also with the recent security breaches on various gaming companies and such, I can't understand this big push to keep more of our data externally.
Not sure the maths are right here: one percent of 25 million is more than "fewer than a hundred".
People are getting more pathetic by the day. Maybe I should become an attorney.
No, don't. You'll end up in Hell where they all belong.
Hahaha.
Just another troll trying to profit off of a piss poor mishap that SOMETIMES happens when you're dealing with that many users and a complex code and system as DropBox. Sure points were proven but the person doesn't really give a damn. Just trying to get some headlines (which they've now done) and collect a few shillings.
Why don't these stupid people think? Encrypt your data before you upload.
I don't know about you but I wouldn't hand my phone switched on to be put in the safe. Why? Because the person putting it in the safe, anyone with access, or a potential thief has access to it.
How stupid can you get?
damn it
ferdowsi, not ferdowski
you used both names in the article
Screw that, Dropbox was smart. Could you imagine having 25 million users try to call the hotline at once? Instead, they did the research, found out who was affected, made sure they got taken care of. They basically avoided mass panic. Tell Ms. Wong where to shove her eggroll.
This should make other companies that offer cloud-based services be more careful in the future.
Wait... who puts sensitive data on a dropbox share?!? (...or any other cloud service for that matter.) Sometimes the burden of due diligence lies with the individual.
Knew that coming. Living the "American Dream", suing [anything/anyone] to become rich
Businesses don't give a DAMN about people, they care about money. Go on, when was the last time you got change from a nicely written email? You get change when you kick them in their wallets.
A class action isn't about getting money, it's about getting change and being damn sure that the lawsuit won't go away without publicity and won't be paid off.
There is almost nothing confidential in my DropBox, and what little there is in there is in encrypted and passworded archives. The reason I do this is because s*!t happens, and if you don't have backup plans you are out of luck.
Another win for the cloud! ...not.
Uhh huu, sure, store your data in "the cloud" where it's "safe". Eventually people will realize that trusting someone "else" with your sensitive data makes as much sense as trusting someone "else" with your bank account, house keys and full power of attorney. You better damn well know how they are and have some sort of legal protection from them abusing that trust. None of that is present in the current "cloud" services.
The only good thing that Dropbox did is that they actually admitted that they made a mistake and they didn't use the hack attack as a scapegoat. Nevertheless companies that store people's data in the cloud should be sued when they make mistakes or neglect security. I really think that strong laws should be made that make clouds so hard to implement that they will go extinct. But that's just me, I guess...
The other thing is that when personal data leaks happen on the web the punishment seems disproportionately smaller than for the ones that happen the traditional way, even though the leaks are larger in numbers...
This is the reason why I don't trust the cloud for sensitive data.
Anticompetitive practices? Invasion of privacy? These charges are absurd at best...the only thing I can see standing is negligence.