14 DAY TRIAL // Dropbox faces a class action lawsuit over a recent authentication bug introduced accidentally by its developers which made people's files available to others.
According to ConsumerAffairs.com, the lawsuit was filed in California's Northern District Court by a Los Angeles Dropbox customer named Cristina Wong.
Wong claims in the complaint that she learned about the incident from the a news story several days after it happened.
The lawsuit accuses the San Francisco-based company of violating California's Unfair Competition Law, negligence and invasion of privacy.
On June 20, Dropbox announced via its blog that a bug in its website made it possible to anyone to access other people's accounts without the need of a password for a period of four hours.
The company said that less than one percent of its 25 million users logged in during that time and were potentially affected by the security breach. It was later determined that someone actively exploited the hole to access under 100 accounts.
All of the affected users were privately notified by Dropbox's own CEO Drew Houston and were offered a free subscription with a credit monitoring service. "I cannot express how deeply sorry I am. Dropbox is my life, and I know that we are only as good as the trust we have built with our customers," Houston wrote in his letter.
The company was criticized because it chose to make such an important announcement only on its blog, instead of emailing everyone. Doing so would have probably cost it a lot users and credibility, but this didn't seem to matter for LastPass which faced with a possible, yet unconfirmed, breach recently decided to alert everyone.
The lawsuit points out that Dropbox claims its system to have superior security and encourages users to store their sensitive personal files in their accounts.