Last week I asked if Apple’s forthcoming iCloud service spells doom for Dropbox. My conclusion was no, iCloud does not pose a critical threat to Dropbox, but this week I’m worried about a new threat to Dropbox’s viability: Dropbox themselves.
Yesterday Dropbox disclosed a “bug” they’d introduced that allowed users to log into any Dropbox account using an arbitrary password. That is, if you had a Dropbox account, all a potential hacker needed to know was your e-mail address, and he would have had unfettered access to your entire Dropbox.
Although the impact of the bug on users was mitigated by a short lifetime in “the wild” (about 4 hours on June 19th), the impact on Dropbox’s reputation will likely be everlasting. It is inexcusable that such an egregious bug was not caught by automated testing or manual QA processes.
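A negative authentication test of the kind that flags this class of bug, shown as an added example that is not from Dropbox or the original post. The account store, function names and the broken variant are constructed for illustration, since the actual cause of the bug is not described here.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(accounts: dict) -> dict:
    """Build a constructed credential store: e-mail -> (salt, PBKDF2 hash)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email] = (salt, _hash(password, salt))
    return store

def authenticate(store: dict, email: str, password: str) -> bool:
    """Correct check: the supplied password must hash to the stored value."""
    record = store.get(email)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt), expected)

def authenticate_broken(store: dict, email: str, password: str) -> bool:
    """Hypothetical regression: only checks that the account exists."""
    return email in store

def negative_auth_failures(auth, store: dict, real: dict) -> list:
    """Return every login outcome that violates the expected behaviour."""
    failures = []
    for email, good in real.items():
        # Wrong passwords: empty, near-miss, case-flipped, unrelated.
        for candidate in ["", good + "x", good.swapcase(), "arbitrary-password"]:
            if candidate != good and auth(store, email, candidate):
                failures.append((email, candidate))
        if not auth(store, email, good):  # positive control
            failures.append((email, "<correct password rejected>"))
    if auth(store, "nobody@example.com", "anything"):  # unknown account
        failures.append(("nobody@example.com", "anything"))
    return failures

# Constructed sample accounts, not real data.
ACCOUNTS = {"alice@example.com": "correct horse battery",
            "bob@example.com": "Tr0ub4dor&3"}
STORE = make_store(ACCOUNTS)

if __name__ == "__main__":
    print("correct:", negative_auth_failures(authenticate, STORE, ACCOUNTS))
    print("broken: ", negative_auth_failures(authenticate_broken, STORE, ACCOUNTS))
```

Run as a release gate, a non-empty failure list from the login path blocks the deploy.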
Dropbox has been an incredibly popular service among lawyers and non-lawyers alike, but a company asking users to entrust it with private data cannot afford missteps like this. If you are storing sensitive data on Dropbox, seriously consider encrypting it before you upload it, or look to alternatives to Dropbox that encrypt your data by default, such as SpiderOak.