Dropbox had a bit of an issue on June 19. The cloud storage service updated its service’s code on that day which ultimately left every account open to intrusion for around four hours. Dropbox says that the code was applied at 1:54pm, but the bug wasn’t identified until 5:41pm. To its credit, Dropbox fixed everything by 5:46, but not before some accounts were potentially compromised.
Approximately “much less than 1 percent” of Dropbox users logged into the service during that period of time. On its website, Dropbox claims 25 million people around the world use Dropbox. Therefore, 250,000 people at the most logged in while the bug was active. Some of those users may have logged into accounts without using the correct password.
Dropbox has emailed all the accounts from people who logged into Dropbox during the unprotected four hour window. It encourages anyone who thinks their accounts may have been improperly accessed to contact customer support.
Via [Dropbox Blog]