The previous failing concerned their claim that Dropbox employees were not able to view user files: this was shown to be a flase statement, forcing Dropbox to concede that some of their employees could, indeed, read user files. In fact, the person who raised the profile about this did not mince his words, saying Dropbox lied to users about data security.
The Techcrunch article states that:
Most people probably don’t care if Dropbox employees could conceivably access their filesI disagree. If a company that I entrust my data to lies to me, I want to know about it and I want to reassess my trust. I want to know why they lied to me and what else they may be lying about.
The new security issue involved a bug introduced to the Dropbox server code allowing anybody to access any of their customers' data. I have been in the software business many years: I know how hard it is to write bug free code and how easy it is to make a mistake like this.
Lessons need to be learned and I am quite sure Dropbox are learning them. Hopefully, other errors along similar lines won't occur. But in light of the numerous data breaches and hacks exposed by the likes of Lutz and Anonymous, this will hopefully serve as a reminder to anyone thinking of entrusting their data to a public cloud to think long and hard, not just about the convenience, but of the very real dangers that data will face.
Image credit: digitalart
