Dal blog Digital Inspiration di Amit Agarwal:
Something really scary happened at Dropbox yesterday that should worry anyone who have trusted their important files with the service.
The Dropbox system was left wide open for about 5-6 hours yesterday and anyone could sign-in to your Dropbox account if all they knew were your email address. They could just type any random characters in the password box and the system would let them in. Scary!
Dropbox has since then fixed the bug but what concerns me is this casual statement that they posted in response to such a serious security breach:
A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password.
At an event the previous month, founder Drew Houston was quoted as saying that the Dropbox service has 25 million users. That means about 250,000 users logged into Dropbox during that window and it’s definitely not a small number.