The “cloud” is great, until something goes drastically wrong. Sometime on Sunday, online file-hosting service Dropbox pushed out a system update, inadvertently letting anyone log into any Dropbox account without a password.
The code created a bug in the system, and for nearly four hours, anyone could take advantage of the glitch.
The company admitted the error, noting that very few of its users were actually affected:
“Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.”
Dropbox is promising to stay vigilant and monitor any unusual activity, notifying any affected users. But what’s a girl (or guy) to do if you’re worried about file security, even if you’ve triple-checked your account and changed your password?
If you don’t want to drop Dropbox, Lifehacker has suggested adding an extra layer of protection by encrypting your files. Even Dropbox suggests you might want to start thinking about locking your data down a little bit more securely by taking security into your own hands.
Lifehacker highly recommended using a service like SecretSync, a beta Windows program that automatically encrypts contents in a folder, and then syncs it to Dropbox. But if you want to get down into the weeds, encryption program TrueCrypt should be your weapon of choice (which is also something we’ve totally suggested before). They’ve covered several handy TrueCrypt methods that should more than adequately cover Dropbox users. It’d be worth it to take a look for at least the piece of mind.