eCommerceNews New Zealand - Technology news for digital commerce decision-makers
Story image
Software developer duo hack Dropbox
Mon, 2nd Sep 2013
FYI, this story is more than a year old

Two software developers have reportedly hacked cloud-bases storage provider Dropbox, a move the company is dismissing as "ineffective."

Bypassing its two-factor authentication, a paper published on usenix.org entitled 'Looking inside the (Drop) box', has claimed responsibility for the breach.

"In spite of its widespread popularity, we believe that Dropbox as a platform hasn’tbeen analyzed extensively enough from a security standpoint," wrote developers, Dhiru Kholia and Przemyslaw Wegrzyn.

"We describe a method to bypass Dropbox’s two factor authentication and hijackDropbox accounts.

"Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented.

"We believe that our biggest contribution is to open up the Dropbox platform to further security analysis and research."

In response to the breach, a Dropbox spokesperson told Computerworld:

"We appreciate the contributions of these researchers and everyone who helps keep Dropbox safe.

"In the case outlined here, the user's computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user's Dropbox, open to attacks across the board."

The website currently has over 100 million users who upload as man as a billion files per day.