DropBox Sued Over Recent Password ''Bug''

A class action lawsuit was filed against Dropbox by one of its users in the U.S. District Court in San Francisco. The suit clams that the San Francisco-based company violated the California Unfair Competition Law while also adding charges of invasion of privacy and negligence. Additional details regarding the lawsuit were not not given.

As reported last week, Dropbox introduced updated code into the backend that inadvertently turned off the service's authentication mechanism for approximately four hours. That meant user accounts were left wide open for anyone to gain access, as the accounts didn't require passwords during that timeframe. For those who store sensitive data in Dropbox, the possible exposure could have been devastating.

"This should never have happened," said Dropbox CTO Arash Ferdowsi in a blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us."

The lawsuit claims that Dropbox user Cristina Wong of Los Angeles didn't know about the security failure until days after the incident took place. She wasn't informed about the possible exposure through Dropbox itself, but instead from new outlets. In Dropbox's defense, the company said that it would only contact customers whose accounts were accessed during the 4-hour window. According to Ferdowski, only 1-percent of its user base actually accessed their accounts.

"Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse," Ferdowski said at the time. "According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts."

The lawsuit notes that Dropbox actively encourages its users to store sensitive and personal data in its virtual cloud because of the service's superior security. The company itself even claims that more than 25 million people have joined Dropbox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad.

Based on the available details surrounding the lawsuit, the biggest issue seems to be that Dropbox didn't inform every user of the security issue, but instead chose to offer an update in a blog. So far Dropbox hasn't issue a statement in regards to the current lawsuit.

Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Title
Title
Subject

This thread is closed for comments

22 comments

Your comment

Ragnar-Kon Jun 28, 2011, 7:30 PM

...instead from new outlets...

news*

Being a Dropbox user... I had no idea this even happened until now.... interesting.
2
amdwilliam1985 Jun 28, 2011, 7:33 PM

Knew that coming.

Living the "American Dream", suing [anything/anyone] to become rich
0
dalethepcman Jun 28, 2011, 7:41 PM

Sadly only the attorneys get rich in cases like this.
0
RazberyBandit Jun 28, 2011, 7:41 PM

^ Class-action suits rarely result in any single party getting rich. The last one I could have taken part in would have netted me a whole $2 and change - not worth the stamps.
3
jdog2pt0 Jun 28, 2011, 7:45 PM

People are getting more pathetic by the day. Maybe I should become an attorney.
-2
hoof_hearted Jun 28, 2011, 7:47 PM

And this is why I will never embrace this overhyped of late "cloud". Also with the recent security breeches on various gaming companies and such, I can't understand this big push to keep more of our data externally.
4
aje21 Jun 28, 2011, 7:50 PM

Not sure the maths are right here: one percent of 25 million is more than "fewer than a hundred".
3
sliem Jun 28, 2011, 7:51 PM

JDog2pt0People are getting more pathetic by the day. Maybe I should become an attorney.

No, don't. You'll end up in Hell where they all belong.
Hahaha.
0
bison88 Jun 28, 2011, 8:27 PM

Just another troll trying to profit off of a piss poor mishap that SOMETIMES happens when you're dealing with that many users and a complex code and system as DropBox. Sure points were proven but the person doesn't really give a damn. Just trying to get some headlines (which they've now done) and collect a few shillings.
-2
shanky887614 Jun 28, 2011, 8:36 PM

why dont these stupied people think, encrypt your data before you upload

i dont know about you but i wouldnt hand my phone switched on to be put in the safe, why becasue the person putting it in the safe/ anyone with access or a potential thief has access to it

how stupied can you get
-2
pcworm Jun 28, 2011, 8:41 PM

damn it
ferdowsi, not ferdowski
you used both names in the article
0
jcoultas98 Jun 28, 2011, 8:52 PM

Screw that, Dropbox was smart. Could you imagine having 25 million users try to call the hotline at once? Instead, they did the research, found out who was affected, made sure they got taken care of. They basically avoided mass panic. Tell Ms. Wong where to shove her eggroll.
0
fir_ser Jun 28, 2011, 8:54 PM

This should make other companies that offer cloud based services to be more careful in the future.
2
mdillenbeck Jun 28, 2011, 9:11 PM

Wait... who puts sensitive data on a dropbox share?!? (...or any other cloud service for that manner.) Sometimes the burden of due diligence lies with the individual.
1
alidan Jun 28, 2011, 10:06 PM

amdwilliam1985Knew that coming.Living the "American Dream", suing [anything/anyone] to become rich

businesses dont give a DAMN about people, they care about money. go on, when was the last time you got change from a nicely written email? you get change when you kick them in their wallets.

a class action isnt about getting money, its about getting change and being damn sure that the lawsuit wont go away without publicity and wont be payed off.
1
RogueKitsune Jun 28, 2011, 11:06 PM

There is almost nothing confidential in my DropBox, and what little there is in there are in encrypted and passworded archives. The reason i do this is because s*!t happens, and if you don't have backup plans you are out of luck
0
_Cubase_ Jun 28, 2011, 11:14 PM

Another win for the cloud! ...not.
1
palladin9479 Jun 29, 2011, 3:51 AM

Uhh huu, sure, store your data in "the cloud" where it's "safe". Eventually people will realize that trusting someone "else" with your sensitive data makes as much sense as trusting someone "else" with your back account, house keys and full power of attorney. You better damn well know how they are and have some sort of legal protection from them abusing that trust. None of that is present in the current "cloud" services.
0
Humans think Jun 29, 2011, 11:36 AM

The only good thing that Dropbox did is that they actually admitted that they made a mistake and they didn't used the hack attack as a scapegoat. Nevertheless companies that store peoples data in the cloud should be sued when they do mistakes or neglect security. I really thing that strong laws should be made that make clouds so hard to implement that they will go extinct. But that's just me, I guess...

The other thing is that when personal data leaks happen in the web the punishment seems inproportionally smaller than the ones happen the traditional way even though leaks are larger in numbers...
0
chaos133 Jun 29, 2011, 11:39 AM

This is the reason why I don't trust the cloud for sensitive data.
0

Display All 22 comments

Display more comments