21Jun/110
Dropbox drops the ball
It was posted yesterday, on the Dropbox blog, that a recent code update to the Dropbox programming left user's accounts accessible by any password given for a period of around 4hrs.
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.
It is suggested that you take the time to re-secure your account with a new password; preferably not close to what it was.