Dropbox, a popular file sharing and storage service, rolled out a routing server update on Monday afternoon, which for some reason shot off password protection for all Dropbox accounts. The flaw was quickly fixed, but data was left vulnerable for about 4 hours.
Dropbox has reportedly taken the initiative, and emailed all users that were logged in to their accounts during the window of vulnerability. They also issued the following statement:
We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner,” Dropbox CTO Arash Ferdowsi said on the company’s blog. “If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.
While this might seem concerning to users of DropBox, it’s reassuring that they definitely seem to be stepping up and making it easy for customers to seek assistance if needed. Users of the service can check their activity to check for unauthorized access by signing in to their account and clicking on the Events tab.