I am a huge fan of Dropbox, the cloud service that lets you sync your files between computers and also access them via a browser.

I was disappointed to learn today that they had dropped the ball with their security. In an official blog post they finally admitted that a few days earlier they had applied a system update which in effect allowed anyone with your email address to access all your files without a password. The issue lasted for around four hours.

Now, one could argue that this was unfortunate human error. However, you would also assume they have sufficient checks in place to confirm the cornerstone of the login process, especially when they apply updates.

By far the worst issue, for me at least, was their blatant arrogance in not informing the user base. A reassuring email would have been all it needed, but instead they eventually posted an official statement on their blog. I only found out after reading about it on another site two days later.

Dropbox say they have contacted everyone with an account accessed during the period of the security fault, giving full details on files accessed, etc. If you are concerned, fire off an email to support@dropbox.com.

Dropbox now seem to have a bit of work ahead to rebuild their reputation in the community; lots of people are venting their frustration and cancelling accounts -- be prepared to read about people storing their tax returns online (seriously?!)

For me, I find the service amazingly useful but don't store anything overly sensitive -- it makes you wonder how secure cloud computing is as we continue to be pushed down that road.

On a side note, Dropbox have often been criticised for not encrypting the files they store for you. There are of course steps you can take to do this yourself (one good example would be to install TrueCrypt on the PC). However, using encryption means you need to have the software installed on each PC you access your Dropbox from, and it also makes accessing the files from the web impossible.

(In 2010 Dropbox reported a user count of over 4 million and generated over $100m of income.)

site by DAJ