At a time when hackers are on a tear looting information willy-nilly from insecure sites on the Web, Dropbox did the unthinkable Sunday: it allowed anyone in the world to access any one of its 25 million customers' online storage lockers simply by typing in any password.
Dropbox, one of the most popular ways to share and sync files online, says the accounts became unlocked at 1:54pm Pacific time Sunday when a programming change introduced a bug. The company closed the hole a little less than 4 hours later.
The bug was reported on Dropbox forums and on Pastebin (via security researcher Christopher Soghoian).
Dropbox Left User Accounts Unlocked for 4 Hours Sunday | Threat Level | Wired.com