Earlier today, a code update to Dropbox introduced a bug that temporarily allowed access to users' accounts and files without authentication via the company's web interface. For approximately four hours, from the time that Dropbox made the changes until the service's developers were able to correct the error, user accounts were accessible by merely typing in the email address associated with the account.
"This should never have happened," Dropbox says on its blog. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."
TechCrunch notes that many Dropbox users store sensitive files using the service, and it's a sobering thought that such files were theoretically freely accessible by anyone for any period of time. Dropbox claims that less than one percent of users logged into the service while authentication was inadvertently optional, and it logged out all user sessions as a precaution.
This is not the first time concerns have been raised over possible security issues with Dropbox, but the fact that user accounts and files were accessible without authentication may mean that users looking for a secure online file storage system may want to look elsewhere when iCloud debuts this fall.