Find the latest episode of "The Uncertain Hour" here. Listen

Dropbox drops ball on security

John Moe Jun 21, 2011

There was a four hour window on Sunday, where if you wanted to sign into somebody’s Dropbox account all you needed was their email address. Type in any password and you were in. The bug appeared after an update to their system. According to Dropbox, once the bug was identified, everyone who was logged into an account was immediately logged out. The company less than 1% of users had their accounts accessed in this way.
Still, this nicely illustrates a kind of tricky situation. Of course, this shouldn’t have happened and if you’re going to run a site like this you should be extremely careful about security considering how much information people store on Dropbox. On the other hand, as long as you have the weak link known as humans running things, are situations like this inherently unavoidable?

Marketplace is on a mission.

We believe Main Street matters as much as Wall Street, economic news is made relevant and real through human stories, and a touch of humor helps enliven topics you might typically find…well, dull.

Through the signature style that only Marketplace can deliver, we’re on a mission to raise the economic intelligence of the country—but we don’t do it alone. We count on listeners and readers like you to keep this public service free and accessible to all. Will you become a partner in our mission today?

Your donation is critical to the future of public service journalism. Support our work today – for as little as $5 – and help us keep making people smarter.