On Monday, DropBox, the cloud storage giant revealed that for four whole hours on Sunday, its entire storage system was available to the public without providing a password. From 1:54PM to 5:41 PM their entire security system failed. DropBox co-founder and CTO Arash Ferdowsi wrote on the company blog that:
This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.
The site has 25 million members and has emerged as the the leader in the cloud storage market. The company claims that it is dedicated to security and that during the time of the failure, less than 1% of its users were logged in. When they discovered the breach, the company said they ended all logged in sessions immediately. On Tuesday they also notified users who were logged in about the event.
Such events highlight the problems with cloud storage services. Is your data really safe when you hand it over to another company to hold for you? This is the main reason lots of large enterprises have witheld from the move to the cloud.