On June 19 customers of the Dropbox cloud storage system discovered that they were able to access accounts using any password. The next day Dropbox acknowledged that an authentication bug opened a gaping security hole for a four-hour period that made users' cloud storage accounts accessible without proper credentials.
"This should never have happened," admitted Dropbox CTO and co-founder Arash Ferdowski, in a blog. Customers agreed because little more than a week later they filed a class action lawsuit seeking damages over their data's possible exposure. The suit claims Dropbox was negligent and didn't adequately notify users that their data may have been exposed.
Businesses and consumers are increasingly relying on the cloud for applications, data storage and other services. The Dropbox incident shows that cloud service providers have high expectations to meet. And they can expect legal action when they fail.