DropBox Sued Over Recent Password ''Bug''

Contributing Writer

A class action lawsuit was filed against Dropbox by one of its users in the U.S. District Court in San Francisco. The suit clams that the San Francisco-based company violated the California Unfair Competition Law while also adding charges of invasion of privacy and negligence. Additional details regarding the lawsuit were not not given.

As reported last week, Dropbox introduced updated code into the backend that inadvertently turned off the service's authentication mechanism for approximately four hours. That meant user accounts were left wide open for anyone to gain access, as the accounts didn't require passwords during that timeframe. For those who store sensitive data in Dropbox, the possible exposure could have been devastating.

"This should never have happened," said Dropbox CTO Arash Ferdowsi in a blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us."

The lawsuit claims that Dropbox user Cristina Wong of Los Angeles didn't know about the security failure until days after the incident took place. She wasn't informed about the possible exposure through Dropbox itself, but instead from new outlets. In Dropbox's defense, the company said that it would only contact customers whose accounts were accessed during the 4-hour window. According to Ferdowski, only 1-percent of its user base actually accessed their accounts.

"Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse," Ferdowski said at the time. "According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts."

The lawsuit notes that Dropbox actively encourages its users to store sensitive and personal data in its virtual cloud because of the service's superior security. The company itself even claims that more than 25 million people have joined Dropbox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad.

Based on the available details surrounding the lawsuit, the biggest issue seems to be that Dropbox didn't inform every user of the security issue, but instead chose to offer an update in a blog. So far Dropbox hasn't issue a statement in regards to the current lawsuit.