Yesterday Dropbox made a code update that introduced a bug affecting their authentication mechanism which allowed some users (reportedly less than 1%) to login without the correct account password. The bug was quickly discovered and a fix was issued soon afterwards.
The Dropbox team have instigated a full investigation of related activity to understand whether any accounts were improperly accessed. Account owners will be notified in case of any identified unusual activity. If you’re concerned about any activity that has occurred in your account, you can contact them directly via firstname.lastname@example.org.
The following extract was released in the official statement:
‘This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.’