Sign in with
Sign up | Sign in

DropBox Sued Over Recent Password ''Bug''

By - Source: Consumer Affairs | B 22 comments

A Dropbox user in Los Angeles has filed a class-action lawsuit against the cloud storage company based on the service's recent security issue.

A class action lawsuit was filed against Dropbox by one of its users in the U.S. District Court in San Francisco. The suit clams that the San Francisco-based company violated the California Unfair Competition Law while also adding charges of invasion of privacy and negligence. Additional details regarding the lawsuit were not not given.

As reported last week, Dropbox introduced updated code into the backend that inadvertently turned off the service's authentication mechanism for approximately four hours. That meant user accounts were left wide open for anyone to gain access, as the accounts didn't require passwords during that timeframe. For those who store sensitive data in Dropbox, the possible exposure could have been devastating.

"This should never have happened," said Dropbox CTO Arash Ferdowsi in a blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us."

The lawsuit claims that Dropbox user Cristina Wong of Los Angeles didn't know about the security failure until days after the incident took place. She wasn't informed about the possible exposure through Dropbox itself, but instead from new outlets. In Dropbox's defense, the company said that it would only contact customers whose accounts were accessed during the 4-hour window. According to Ferdowski, only 1-percent of its user base actually accessed their accounts.

"Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse," Ferdowski said at the time. "According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts."

The lawsuit notes that Dropbox actively encourages its users to store sensitive and personal data in its virtual cloud because of the service's superior security. The company itself even claims that more than 25 million people have joined Dropbox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad.

Based on the available details surrounding the lawsuit, the biggest issue seems to be that Dropbox didn't inform every user of the security issue, but instead chose to offer an update in a blog. So far Dropbox hasn't issue a statement in regards to the current lawsuit.

Display 22 Comments.
This thread is closed for comments
  • 2 Hide
    Ragnar-Kon , June 28, 2011 7:30 PM
    ...instead from new outlets...


    news*

    Being a Dropbox user... I had no idea this even happened until now.... interesting.
  • 0 Hide
    amdwilliam1985 , June 28, 2011 7:33 PM
    Knew that coming.

    Living the "American Dream", suing [anything/anyone] to become rich :) 
  • 0 Hide
    dalethepcman , June 28, 2011 7:41 PM
    Sadly only the attorneys get rich in cases like this.
  • 3 Hide
    RazberyBandit , June 28, 2011 7:41 PM
    ^ Class-action suits rarely result in any single party getting rich. The last one I could have taken part in would have netted me a whole $2 and change - not worth the stamps.
  • -2 Hide
    jdog2pt0 , June 28, 2011 7:45 PM
    People are getting more pathetic by the day. Maybe I should become an attorney.
  • 4 Hide
    hoof_hearted , June 28, 2011 7:47 PM
    And this is why I will never embrace this overhyped of late "cloud". Also with the recent security breeches on various gaming companies and such, I can't understand this big push to keep more of our data externally.
  • 3 Hide
    aje21 , June 28, 2011 7:50 PM
    Not sure the maths are right here: one percent of 25 million is more than "fewer than a hundred".
  • 0 Hide
    sliem , June 28, 2011 7:51 PM
    JDog2pt0People are getting more pathetic by the day. Maybe I should become an attorney.


    No, don't. You'll end up in Hell where they all belong.
    Hahaha.
  • -2 Hide
    bison88 , June 28, 2011 8:27 PM
    Just another troll trying to profit off of a piss poor mishap that SOMETIMES happens when you're dealing with that many users and a complex code and system as DropBox. Sure points were proven but the person doesn't really give a damn. Just trying to get some headlines (which they've now done) and collect a few shillings.
  • -2 Hide
    shanky887614 , June 28, 2011 8:36 PM
    why dont these stupied people think, encrypt your data before you upload

    i dont know about you but i wouldnt hand my phone switched on to be put in the safe, why becasue the person putting it in the safe/ anyone with access or a potential thief has access to it

    how stupied can you get
  • 0 Hide
    pcworm , June 28, 2011 8:41 PM
    damn it
    ferdowsi, not ferdowski
    you used both names in the article
  • 0 Hide
    jcoultas98 , June 28, 2011 8:52 PM
    Screw that, Dropbox was smart. Could you imagine having 25 million users try to call the hotline at once? Instead, they did the research, found out who was affected, made sure they got taken care of. They basically avoided mass panic. Tell Ms. Wong where to shove her eggroll.
  • 2 Hide
    fir_ser , June 28, 2011 8:54 PM
    This should make other companies that offer cloud based services to be more careful in the future.
  • 1 Hide
    mdillenbeck , June 28, 2011 9:11 PM
    Wait... who puts sensitive data on a dropbox share?!? (...or any other cloud service for that manner.) Sometimes the burden of due diligence lies with the individual.
  • 1 Hide
    alidan , June 28, 2011 10:06 PM
    amdwilliam1985Knew that coming.Living the "American Dream", suing [anything/anyone] to become rich

    businesses dont give a DAMN about people, they care about money. go on, when was the last time you got change from a nicely written email? you get change when you kick them in their wallets.

    a class action isnt about getting money, its about getting change and being damn sure that the lawsuit wont go away without publicity and wont be payed off.
  • 0 Hide
    RogueKitsune , June 28, 2011 11:06 PM
    There is almost nothing confidential in my DropBox, and what little there is in there are in encrypted and passworded archives. The reason i do this is because s*!t happens, and if you don't have backup plans you are out of luck
  • 1 Hide
    _Cubase_ , June 28, 2011 11:14 PM
    Another win for the cloud! ...not.
  • 0 Hide
    palladin9479 , June 29, 2011 3:51 AM
    Uhh huu, sure, store your data in "the cloud" where it's "safe". Eventually people will realize that trusting someone "else" with your sensitive data makes as much sense as trusting someone "else" with your back account, house keys and full power of attorney. You better damn well know how they are and have some sort of legal protection from them abusing that trust. None of that is present in the current "cloud" services.
  • 0 Hide
    Humans think , June 29, 2011 11:36 AM
    The only good thing that Dropbox did is that they actually admitted that they made a mistake and they didn't used the hack attack as a scapegoat. Nevertheless companies that store peoples data in the cloud should be sued when they do mistakes or neglect security. I really thing that strong laws should be made that make clouds so hard to implement that they will go extinct. But that's just me, I guess...

    The other thing is that when personal data leaks happen in the web the punishment seems inproportionally smaller than the ones happen the traditional way even though leaks are larger in numbers...
  • 0 Hide
    chaos133 , June 29, 2011 11:39 AM
    This is the reason why I don't trust the cloud for sensitive data.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter