14 DAY TRIAL // Dropbox has notified around one hundred users that their accounts were accessed by an unauthorized individual who exploited an authentication flaw.
Dropbox announced earlier this week that a bug was accidentally introduced by the company's developers during a code update and allowed users to access other people's accounts without requiring a password.
The vulnerability was live for four hours, during which time apparently someone took advantage of it.
"During our forensic analysis, we discovered that an extremely small number of accounts, including yours, were subject to some suspicious activity," Dropbox's CEO Drew Houston wrote in a letter to affected customers.
"We will continue our investigations, but as best as we can tell right now, a single individual took advantage of the lapse to access fewer than a hundred accounts," he revealed.
Houston instructs users to monitor their credit for suspicious activity and to visit the FTC's website for resources on how to protect themselves against identity theft.
The company is offering a free subscription with a credit monitoring service for victims and advises them to cancel any credit cards whose information was stored in their accounts. Of course, all passwords should also be changed immediately.
"I cannot express how deeply sorry I am. Dropbox is my life, and I know that we are only as good as the trust we have built with our customers. This should not have happened, and I am hopeful that you will give us the chance to make this right and regain your trust," Houston writes.
In addition, he provides a phone number that users can use to speak with him directly and ask questions about the incident and try to assist them. He even offers to call them himself if requested.