News and Trends
SHARE
Facebook X Pinterest WhatsApp

Dropbox Password Protection Function Disabled By Bug

Online storage service Dropbox accidentally turned off passwords for four hours, potentially exposing data belonging to its 25 million customers to unauthorized users. The breach occurred when the company applied a code change at 4:54 p.m. EST on June 19 that caused problems with the authentication mechanism, Arash Ferdowsi, Dropbox CTO and founder, wrote in […]

Written By
thumbnail
Channel Insider Staff
Channel Insider Staff
Jun 22, 2011
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Online storage service Dropbox accidentally turned off passwords for four hours, potentially exposing data belonging to its 25 million customers to unauthorized users.

The breach occurred when the company applied a code change at 4:54 p.m. EST on June 19 that caused problems with the authentication mechanism, Arash Ferdowsi, Dropbox CTO and founder, wrote in the company blog June 20. The problem was discovered about four hours later and Dropbox killed all of the sessions of those who were logged in and accessing the data.

The password issue allowed anyone in the world to access any of the 25 million accounts and the information stored inside by typing in any string as the password. The bug was possible because Dropbox handles encryption and decryption on its servers instead of the individual user computers. Since it holds the encryption key, it controls who can open the files, not the user.

"This should never have happened. We are scrutinizing our controls, and we will be implementing additional safeguards to prevent this from happening again," Ferdowsi wrote in his blog.

The issue was fixed at 8:46 p.m. EST, five minutes after it learned of the issue, according to Ferdowsi. The company also notified all those who had logged in during that four-hour window and asked them to review their account activity details. Concerned users can also directly contact Dropbox either through support@dropbox.com or security@dropbox.com, the company said.

“This kind of event underscores what a lot of people have been saying for a while no cloud provider is immune from making the same basic administration mistakes that all other organizations make,” Geoff Webb, senior product manager at Credant Technologies, told eWEEK. The difference for cloud providers is that when a problem occurs, it affects a bigger user base. Much of the data is “probably not sensitive at all,” but considering many enterprises rely on the service to store business information, having accounts unprotected for several hours increases the potential of a damaging data breach, Webb said.

To read the original eWeek article, click here: Dropbox Accidentally Turned Off Passwords on File Storage Service

thumbnail
Channel Insider Staff

Recommended for you...

thumbnail
CrowdStrike’s Daniel Bernard on Nord Security Partnership
Security
CrowdStrike’s Daniel Bernard on Nord Security Partnership
Jordan Smith
Jan 28, 2026
thumbnail
Cloudbrink Targets AI Security Gaps with Safe AI Expansion
Security
Cloudbrink Targets AI Security Gaps with Safe AI Expansion
Victoria Durgin
Jan 27, 2026
thumbnail
Evergreen’s Craig Fulton on Why MSP Operations Matter in 2026
Running an MSP
Evergreen’s Craig Fulton on Why MSP Operations Matter in 2026
Victoria Durgin
Jan 26, 2026
thumbnail
AI Is Fueling Demand Intel Didn’t Expect
AI
AI Is Fueling Demand Intel Didn’t Expect
Allison Francis
Jan 26, 2026
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

facebook
linkedin
youtube
rss
spotify
x

Company

About us Contact us Advertise with us

Categories

Channel Business Security AI Infrastructure Lists & Awards Resources

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information