Yesterday’s Authentication Bug

Posted by Arash Ferdowsi on June 20, 2011
Hi Dropboxers, 

Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.

We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.

This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.

-Arash

[Update - Mon, 10:46pm] – We’re working around the clock to gather additional data and continue to review logs for potentially unauthorized activity. We aim to notify users who had login activity during the period within the next few hours.

We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us. We will continue to provide regular updates.

[Update - Tue, 2:49am] – At this point, the accounts that logged in during the period have been emailed with additional activity-related details for review. If you have any questions or concerns, please contact us at support@dropbox.com.

[Update - Fri, 1:59pm] – Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse. According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts. Our team has been working tirelessly to review what happened and to make sure that it never happens again. At this point, we have contacted all these users and provided them more detail. We will continue to provide updates when available.

1,873 Comments to Yesterday’s Authentication Bug

Jimmy Blake
June 20, 2011

I'm really hoping that this encourages Dropbox to switch to a means of encryption where decryption of any kind is not available on the server side, and the only means of unlocking your data is on the client end with the correct key.  While this may kill the ability to save storage space on the server side through de-duplication, I believe the benefits to users' peace of mind far out weigh the extra costs.

TrojanCentaur
June 20, 2011

This is the second rather serious security stuffup this year, guys. I was tempted to join up, but you can count me out now. These safeguards you refer to should have been there in the first place, especially in light of events this year. Terrible shame, it looked like such a good service too. Ah well.

mindctrl
June 20, 2011

I'm done with Dropbox. Lies. Poor management. Bad programming. Poor deployment decisions (one example: forcing Growl onto Mac users without disclosure). Purposeful withholding of obvious features, like sync folders or download whole folders on mobile. Sad, really. It had so much potential.

Anonymous
June 20, 2011

please provide built-in full encryption with keys we specify and which you have no access to or i'll just switch to a service that does.

Robert Basil
June 20, 2011

I've been a paying Dropbox users for a few years now. But after the problems over the past 6 months I've now started my search for a different solution. I'm sad as I really liked Dropbox.

Nick Farina
June 21, 2011

Yeah, Dropbox is still by far the best file sharing system on the planet, and they are always on top of things.

Here's a lesson for everyone: don't put secure information—that you didn't encrypt yourself—onto The Internet, and expect some other entity to protect it flawlessly. This is common sense, guys.

Anon
June 21, 2011

This is the final straw for me.  Hearing it via the press is a punch in the gut.  I'm off to spideroak.

Lulz
June 21, 2011

This isn't good enough DropBox. You can't do basic testing on your authentication screen after a change? Just not good enough.

#DropboxFAIL

Grapeshield
June 21, 2011

I just want to commend Dropbox on their speedy, yet intelligent response, and their nice transparency in this issue.

Brian Long
June 21, 2011

Sorry, but I deleted my account. The fact that you didn't have an end-to-end negative test for authentication proves that I can't trust Dropbox with my data. :( That and I had to read about it in Pastebin, of all places, TODAY, instead of yesterday in an email from Dropbox, at pretty darn near 5:47pm.

Rambo
June 21, 2011

hm.. its a hard choice. Awesome product vs. bad security. So I have decided to put only information that is not sensitive on Dropbox.

Please work on fixing your security (or the lack of it) reputation. Have you ever heard Google or Microsoft screwing up user login process?

Odin Dutton
June 21, 2011

Thanks for the transparency, I love the Dropbox service, everyone makes mistakes.

CB
June 21, 2011

This is unfortunate, but they resolved the issue in literarily 5 minutes. Can I ask who you are planning on switching to that you feel will be able to respond more quickly?

michael
June 21, 2011

Shit happens. I don't know of anyone whose life was destroyed by this (at least not yet). I know Citibank has done worse things and I have yet to hear their CEO even acknowledge problems.

I for one will be staying with our Dropbox overlords.

As far as I know there has only ever been 2 problems in the last 4 years. I can live with this ratio – as long as this number doesn't jump suddenly again.

Stephen Mok
June 21, 2011

They may have fixed it in 5 minutes, but they took 4 hours to identify that something had gone wrong in the first place!

Also, this is the kind of bug that should NEVER have made it into production!

Jeff Vyduna
June 21, 2011

Thank you for the candid apology and disclosure.

I trust you'll be beefing up your automated test suite at all layers around authentication and access control. It seems like a problem that a robust continuous integration suite could help with.

Marcio von Muhlen
June 21, 2011

Congrats to Dropbox for being open and transparent on this issue.

Tony Webster
June 21, 2011

This is completely unacceptable and warrants hourly updates until you know exactly what happened.  When security is critical to your offering, you should be running unit tests on every deployment and additional security tests.  This clearly indicates the need for re-engineering Dropbox security.

As to moving forward, every single Dropbox customer should be getting an e-mail right now about this — not hearing about it from other sources or from a seemingly calm-toned blog post.  Dropbox hasn't even tweeted about this a full 24 hours after it happened.  I know I would like disclosure of every single action happening on my Dropbox account during the four hours anybody could access it, and I need that information immediately.

This fire is about to get kindled unless you put it out with full and complete transparency.

Guest
June 21, 2011

How about an apology?

Swagato Bhatta
June 21, 2011

Problems happen in life. But that doesn't mean we should just stay quite. Best thing is finding solution and fixing it and making sure it never happens again. Kudos to dropbox for finding solution and fixing it.

Jarred Sumner
June 21, 2011

There is an alternative. Dropbox could have a “has of a hash”, where the second layer of hashing is unrecognizable without Dropbox's decryption key. The first layer is the contents of the file hashed, and the second the contents of the hash of the second layer's hash using AES256 or something similar. This second layer of hashing is decryptable, so Dropbox can still allow for deduplication, but the file is still encrypted and only fully decryptable using the client's decryption key.

edit: I didn't read enough about encryption before posting this. The first hash would be unique because it would have to have a unique password, causing deduplication to fail. I'm going to continue reading about encryption now.

Alexi Helligar
June 21, 2011

I'm suddenly feeling insecure as well. I love the service and I have promoted it heavily to many paying clients. Now I'm starting to feel burned. It goes without saying that this is a very serious matter and a black eye for Dropbox.

Vincent Demers
June 21, 2011

I'm sorry I had to delete my account because I loved Dropbox, but I used it to store personal information and this kind of incident cannot be forgiven under any circumstance.

Nick
June 21, 2011

except for not emailing their userbase…

Jarred Sumner
June 21, 2011

Wait, that wouldn't work because the hash of the first layer would be different from other hashes of the first layer, because they use different passwords. Please disregard what I said while I read more about how encryption works.

HealthyPassword
June 21, 2011

According to http://www.geek.com/articles/n… it looks like they only found out because a friend of Christopher Soghoian accidentally fat fingered their password and noticed it.  That person tried it again then tried a different person's account with the same result.  Had that person not contacted dropbox's helpdesk, the problem may have gone on for days.  It looks like dropbox may need to put some better controls on QA.  (maybe architecture first.  No system should allow security bypass like that).

Asdf
June 21, 2011

Know of one with a UI as simple as Dropbox?

Steve
June 21, 2011

Thanks for honesty and transparency.  I have however deleted my account until I can be assured that new security measures are in place.

Anonymouse
June 21, 2011

Read it again – they haven't actually apologised. Nowhere do they say they are sorry, just that it shouldn't have happened.

faunzy
June 21, 2011

When there's a security breach at Dropbox, I hear it from my co-workers.

Game Over.

Jonathan Bieniek
June 21, 2011

my email address and password are both the same…is that bad?

waxnoo
June 21, 2011

Dude, no way man I never even thought about it liek that.

http://www.web-privacy.no.tc

Coolmysore
June 21, 2011

Dropbox team.. you are a bunch of losers!

Ed Marshall
June 21, 2011

I started evaluating SpiderOak today, in response to both this event, and long-standing concerns about data encryption. Technically, they fulfill the requirements: point-and-shoot folder-based sync, multi-platform, and multi-system. The user experience, sadly, is sub-par (but, I should qualify that by saying that Dropbox has set a fairly high bar for me here).

However, the user experience only matters to me during initial setup; after that, I won't be interacting much with the software. I'm a little uncomfortable with the web interface, although the fact that they don't persist my key server-side should mean that if I don't use it, I'm covered. (I'm less clear on whether I should be concerned about the iOS client.)

Anyway, I'm not leaving Dropbox just yet. But, if SpiderOak proves to meet my needs after evaluating it for a while, and I don't see any movement on Dropbox's end to provide a client-side encryption option, I'll probably switch.

W123789
June 21, 2011

Wait, so you're using the internet to store “personal” information?
Please tell me you see the flaw in expecting the internet to be a 100% completely safe place.

travney
June 21, 2011

I quit using Dropbox from a month ago. Good thing I did. Never coming back.

Dnp607
June 21, 2011

Does anyone have a recommendation for a cloud service similar to dropbox, but that is more secure and doesn't have these issues? Is Box.net better? Can't really have this happen – even once is too much so it's time to go. Thanks for any recommendations.

wardmundy
June 21, 2011

Simple or secure? That should be a no-brainer.

Ryan Kearney
June 21, 2011

Can anyone recommend an alternative to Dropbox that has good mobile support? I was looking at Sugar Sync and box.net. So far Sugar Sync is winning due to price alone as box.net just seems woefully overpriced for what it does.

Guillaume Carre
June 21, 2011

99% of Dropbox users don't read Techcrunch and Dropbox's blog, how can you call this “transparency”??

Bill Sodeman
June 21, 2011

Agreed. I found out through a TechCrunch post on Facebook. Very disappointing, to say the least.

Bill Sodeman
June 21, 2011

Amen. This announcement was as transparent as a brick.

Martian
June 21, 2011

Nothing is a completely safe place on this planet.

Joe
June 21, 2011

This is a huge deal.  I've removed everything from my account and can never again recommend Dropbox to family or friends.

Cannot believe people are okay with this or thanking Dropbox for their “prompt” reply.  Where is the alert at the top and center of dropbox.com?  Where is the email to every user letting them know every single file in their account could have been pulled by anyone for 4 hours and an attached detailed activity history for that 4 hour window?

Blown away.

Dustin Cloues
June 21, 2011

I'm not willing to gamble on whether you'll get your security in order. I deleted my account today and will recommend that my friends do the same.

Michael
June 21, 2011

What transparency are you referring to? They waited more than a full 24 hours to disclose this and then apparently only after it was all over the Internet. And no real information forthcoming -just an “oops, won't happen again, no biggie”.

Leon Green
June 21, 2011

This is very troubling news, I've been a big fan of Dropbox for sometime now, and have persuaded others to use it also. 

Dropbox needs to get in front of this with a proper statement of apology, perhaps even an increased storage free offer and clear plans for ensuring this type of thing doesn't happen or if it does is caught faster than four hours.

Leon Green
June 21, 2011

I *think* that was thinly veiled sarcasm…

Ted Wood
June 21, 2011

This is a disappointing blog post after a disappointing event. I'm usually in full support of Dropbox, but to have not identified this very serious issue for FOUR hours, someone wasn't doing their job. Authentication should always fall back to FAIL, not SUCCESS.

ImSpartacus
June 21, 2011

Absolutely.

Dropbox isn't some fly-by-night company. They have a reputation to uphold.

I am disappointed in how Dropbox has handled this situation so far.

Gdenne
June 21, 2011

Absolutely, agree. Dropbox, what are you doing? You're screwing up your brand and reputation.

Guest
June 21, 2011

Fixed in 5 minutes…after 4 hours of exposure.

Guest
June 21, 2011

I'm glad I switched to Wuala a while ago, except for some shared stuff I still do here. There, the password never leaves my computer, and even if there are glitches on the company side, my files can't be accessed in this way, as everything is encrypted on my computer, and the key stays with me. 

Also, this glitch just shows that indeed it should be quite easy for Dropbox employees to access your data…!

DocAustin
June 21, 2011

The lack of direct disclosure to customers is completely unacceptable. I should not be finding out about this on TechCrunch. This is why state legislatures are passing laws forcing vendors to disclose breaches. Minus one more customer.

Ted Wood
June 21, 2011

Increased free storage for who? Users that are already using the service for FREE? Or just for paying customers? If they awarded just paying customers, are they sending the message that they don't value their free users? Fine line.

Only affected users should be compensated in some form, not everyone.A statement of apology is all that is needed here.

techydude
June 21, 2011

Oh how the mighty have fallen :(
Having said that, how many of you overly self-entitled schmucks ripping Dropbox a new one pay *nothing* for the service's default 2GB free, hmmm?
I keep nothing in my Dropbox that isn't already encrypted, or is of no value.

Ted Wood
June 21, 2011

Not appropriate at all. Go away.

Kevin
June 21, 2011

why havent you emailed everyone (i heard through wired)

Sunfos
June 21, 2011

Wuala.com
I moved to them from Dropbox when Dropbox not so long ago changed their agreement concerning privacy regulations.

Anonymous
June 21, 2011

I find it unlikely there wasn't a negative unit test for something this, which leads me to think it was actually a failure of the testing environment. Would this be a fair assumption? If there was no unit test, it brings into question the integrity of every other facet of Dropbox.

Vincent Demers
June 21, 2011

I never said I expected the internet to be 100% safe man…chill out.

I just had this wild idea that a site bragging about how secure my files are with them wouldn't actually let anybody who knows my email address access all my files, and for a full 4 hours.

Ds
June 21, 2011

i love dropbox too, i was even part of the original beta test and countless people have joined because of my recommendation but this is unacceptable. Would it be ok if this happened your email

Ivan Sanchez
June 21, 2011

Shouldn't I have received an email about this?  I don't think an unrelated blog should have posted this information to me some hours after this passed.  Aside from the “possible” security concerns, the lack of timely personal disclosure to customers is really disappointing.

Moses
June 21, 2011

When incidents of this nature occur, I would expect an email at the minimum. Finding this out from a blog or other third parties is a bit insulting and very unprofessional. Mistakes happen but making more mistakes by not informing your user base through as many communication mediums as possible is unacceptable.

Beavis De Milo
June 21, 2011

Correct, but I would rephrase your comment somewhat. 

They HAD a reputation to uphold.  Now they have a reputation to live down.

Joe Sixgig
June 21, 2011

Ouch. I'd like a list of logins to my account and a list of originating ip addresses. And I'm cleaning out confidential files. Scary stuff.

aksbhat
June 21, 2011

Can you try to analyze the geographical information of people who accessed the accounts to look for any attack.

Guest user
June 21, 2011

Alternatives?

IQuit
June 21, 2011

The lesson is that dropbox completely failed to live up to their promises and advertising. https://www.dropbox.com/featur… How many times do they stress that your data is safe, secure and encrypted on their features page? I don't expect flawless protection, but complete lack of account protection for a data storage company is totally unacceptable.

Steven Shults
June 21, 2011

Ok then. I'm done telling people to use Dropbox for anything.  Security should be your first priority at all times, not an afterthought.

AMorganis
June 21, 2011

Considering how much I have relied on Dropbox, this breach is frightening, and I completely agree with Tony Webster's comment: an email should have went out to every user. This breach gives me serious doubts about my trust in Dropbox.

Jeremy R
June 21, 2011

why do you let people start a revolution against your company on your blog!?!  Anyone who reads this will be pulled to write something bad.  Not that you have not F'd up enough already but now you're letting your blog be the mob place to kick your ass with half assed speculation.  COme on

addorange
June 21, 2011

This is completely unacceptable. How does Dropbox plan on taking responsibility for this breach of privacy and what do you plan to do so that this NEVER happens in the future? Also any good reasons why every user shouldn't sue Dropbox for breach of confidentiality?

raghunathj
June 21, 2011

travney
June 21, 2011

I deleted my Dropbox account a month ago, when people were being sued by the RIAA for storing music in dropbox (aka the cloud). Sunday was a great day for the RIAA; unfettered access.

raghunathj
June 21, 2011

Common guys, i only see people just talking shit about Dropbox. As a potential user of Dropbox i can see the positive of it. I agree that this is a big security hole but still errors happen and i am thankful for identifying the problem and securing it. Anyways they have given u their e-mail id, just mail them and ask for the log for ur account so that if there is any file transaction has happened on that period of time.

@Dropbox – You need to be more sure that nothing goes wrong before u do any update, coz thousands of people trust you and put some confidential data. Also an email to the users with an apology will help out. But still there is a loss in the reputation. Hoping this never repeats

Tim Hodge
June 21, 2011

After you apologize for the problem happening in the first place (which you haven't done) you can feel free to apologize for STILL not emailing your users to tell them there was an issue.  That I found out about it well over 24 hours after the fact because I happened to see a post on HN is maddening.

As tech people we recommend your solution to “regular” people because it's easy to use and it just works.  Easy enough for my mom to use, for example.  How exactly was she supposed to find out that her information may have been exposed?  Your product has moved beyond early adopters to real people that pay real money for a real service.  You need to start acting like you get that, and your post above does not do that.

This is not transparent, this is not professional, this is not at all acceptable.

Juan Jaramillo
June 21, 2011

This is beyond unacceptable. Is there no testing taking place at Dropbox? Testing for password combinations should be standard required procedure for any production release.

I am very disappointed and seriously considering alternatives. As a paying customer, I demand the ability to view the ip addresses that have accessed my account in addition to being able to lock down access to my account to certain IP addresses.

At this point I feel potentially violated as I don't know whether my files have been access by third parties without my consent.

Thank you.

Mel Walker
June 21, 2011

I agree. I've personally seen for-pay “secure” cloud services go completely offline longer than this error, which apparently was fixed quickly once discovered.
Bad testing on DB's part? Yes.
Catastrophic failure? Nope.
And I laugh at the people “concerned about security” who wanted Dropbox to send hourly emails about a bug they didn't know they had that involved anyone being able to login without a password.

Sean Lin
June 21, 2011

Most people complaining here are on a free plan? Get a life people, you get the thing for free and be grateful for it and give them a chance to fix it.

Grant Gouldon
June 21, 2011

hey accidents happen, that's understandable.
But what's not understandable, and what is unforgivable, is that you did not inform us.
I had to find out elsewhere, not from you.

WTF?

You have lost my trust.

Concerned_dropbox_user
June 21, 2011

I agree that this is TOTALLY unacceptable. I have recommended Dropbox to scores of companies plus use it myself.

I suggest you send an email to all customers apologizing for this incredible failure on your part to do BASIC testing!

JuanGuapo
June 21, 2011

Canceling my Dropbox account. 4 hours is 3.5 hours too many for me.

Jordan Jones
June 21, 2011

Unit tests on that shit.

Kjphotog
June 21, 2011

yea citibank send a form letter with no info other than acct info has been leaked out

Gallan
June 21, 2011

People make mistakes – in this case many people – considering the update was large enough to introduce such a problem but not inportant enough to independently test? At least an email with log of activity and IPs should be automatically generated and sent to users with an apology.

Could you imagine if we had all gotten an email with this log 99.99999% showing no suspicious activity. People who use dropbox are not idiots. It would be proper to be open about the issue. I heard about it on cnet.

Jean-Christophe Blachere
June 21, 2011

Just want to post POSITIVE comments on Dropbox.  As a free user of the service (4.75 Gb free storage), I find it absolutely fantastic and am actually considering joining up for paid storage.

Of all the people ranting and raving on this blog, how many actually pay something for their storage of oh, how highly confidential data such as… what exactly?  Get a grip guys!  If you store your passwords or the launch codes for nuclear missiles on line, isn't it actually YOUR problem?  Stop with the spreading of FUD…

Dropbox, you fucked up, and all of us who love the system hope you've learnt from the mistake and will take steps to prevent it from happening again (in any shape or form)…  That being said,  a lot of users still love you, wouldn't even have batted an eyelash if not for the whistle-blowers and haters.

grawss
June 21, 2011

Do you honestly believe people are fine with not knowing their accounts and information may have been accessed?

Send that “less than 1%” of people an email with a list of every IP address that accessed their account and the time of access. This will allow people to do their own investigation, which would be 100% more simple and effective than whatever Dropbox could come up with.

If I have a list of IP addresses, I can find out whether my account was accessed by anyone but me in less than five minutes. Considering how long it took you to find this security hole, and how long it took you to post it on your blog, I for one do not trust you in this matter.

ainstushar
June 21, 2011

except for not tweeting about it.
except for not posting on the same day.
except for not telling me if my account was affected or not.

Security holes are a major concern for cloud based file storage. So ALWAYS keep your confidential files on YOUR computer. In this day and age, gigantic corporations like Sony and various banks are affected by security holes, so this little problem of Dropbox is not a big deal.

If you want to store your confidential financial information, use a service that caters to enterprises (amazon s3). Not a service that caters to masses. Encrypting your files before storing it online isn't a bad idea!

Cloud storage is a new concept, so learn to treat your data more securely. Don't be stupid. This sort of stuff will happen in the future. If your confidential info got stolen, then blame dropbox and blame yourself!

Jean-Christophe Blachere
June 21, 2011

Excellent post!  Dropbox, like everyone has a learning curve.

Jean-Christophe Blachere
June 21, 2011

Why even bother with such a post?

Jean-Christophe Blachere
June 21, 2011

Good for you!  And good for us!  More space available :)

Dropthis
June 21, 2011

Yeah, Dropbox is great at learning from fuckups http://www.wired.com/threatlev

Jean-Christophe Blachere
June 21, 2011

Duhhh….

Matthew Carpenter
June 21, 2011

“Dropbox is safe and secure, not even Dropbox admins have access to your files.”  Isn't that what the promise was?  I'm thinking maybe the only reason Dropbox admins don't have access to your files is because they don't know how to turn on their computers in the first place.

Their programmers sure don't know how to implement a simple password check.  Hint: if (pass_hash != stored_hash) denylogin();

The marketers don't know how to not lie either.  If our files were encrypted properly, this wouldn't have happened.  Even if unauthorized people could log in, they wouldn't have access to the files.  Hint: Encrypting the server with one key is not the same as encrypting individual accounts with individual keys.

I learned the password thing in my in less than a single week of a semester of PHP class, and the encryption advice the first week of IT security.  Both yours free.

Chinkchong
June 21, 2011

On what are you basing you assumption that the majority of people complaining here are on a free plan?

Jean-Christophe Blachere
June 21, 2011

It's ok, as 99% of Dropbox users also don't pay a dime for the service… do you?

John Bradshaw
June 21, 2011

I'm not sticking around for your company's next mistake. Put your users' security first, everything else second.

So long!

Here's the link if anyone else wants it: https://www.dropbox.com/accoun

Dropballs
June 21, 2011

I, for one, have emailed them asking for jus that. 12 hours later…… no response. To add insult to injury, Arash posts this information 8 hours after my email with this: “If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.”

What a sub-par response from a sub-par CTO.

Jean-Christophe Blachere
June 21, 2011

Good for you! Feel free to go store your “personal” (and I assume confidential) information somewhere else on line and see what happens… More space on Dropbox for us who'll stand by the service :)

gp
June 21, 2011

Love you dropbox. Thanks for offering us this amazing free service.

Ron
June 21, 2011

I cannot believe I just learned about this via third party and you did not send out an alert email to customers. I have been a paying, premium customer for years and now must look for an alternative for our 25-employee business.

How you handled this . . . with a “hey what's up dudes” blog is a disgrace to you, your customers and your professionalism.

Searching for new secure solution . . . Whether that be in “cloud” or on “land”.

Link Tamake
June 21, 2011

It was linked to on Reddit, Hacker News, and of course smaller tech blogs and sites. I can't imagine that 99% of users didn't see something about it.

But yeah, an email should have gone out. I'll stick with Dropbox because other alternatives are crap, but I'm reducing Dropbox use to just swapping files between computers, not permanent storage.

Link Tamake
June 21, 2011

You're right. The next time someone makes a mistake, we'll banish them from the earth! The next time a coder accidentally hits the wrong key and breaks a site feature, we'll chop his fingers off! Mistakes are obviously something we have no room for in society!

Link Tamake
June 21, 2011

Might come back to haunt you.

weberwithoneb
June 21, 2011

I couldn't agree more. If you're storing your sensitive data in the cloud, you should expect this to happen every now and then. Just don't store ultra sensitive data up there.

Jean-Christophe Blachere
June 21, 2011

You don't expect Internet to be 100% safe… just Dropbox right?

J. Canha
June 21, 2011

You can see which devices were used in your Account page. Don't alarm yourself, I doubt anyone knew you could login with/ a password. Plus they dropped all active sessions. Learn to read seriously.

J. Canha
June 21, 2011

You can see which devices were used in your Account page. Don't alarm yourself, I doubt anyone knew you could login with/ a password. Plus they dropped all active sessions. Learn to read seriously.

Jean-Christophe Blachere
June 21, 2011

Good for you!  Why did you even bother posting here then?

Jean-Christophe Blachere
June 21, 2011

Good for you!  More space for us :)

J. Canha
June 21, 2011

Door is right there. If anything happened at all, you wouldn't be able to solve it by cancelling

Jean-Christophe Blachere
June 21, 2011

Good for you!  More space for us :)

J. Canha
June 21, 2011

You can see which devices were used in your Account page. You shouldn't be saving confidential files to start with.

Diogo Mónica
June 21, 2011

LOL. How did this pass Cucumber? :P

Dropballs
June 21, 2011

Your doubts are very comforting.

Rob Weir
June 21, 2011

SpiderOak at least encrypts on the client side, too.

bsergean
June 21, 2011

All the hate is disgusting. Shit happens. Error happens. If you're a software engineer you already screwed up a bunch of time, and you learn from your mistakes. Keep up the good work guys.

Dropballs
June 21, 2011

Show me where I can see a list of people who logged into my account via the web interface. Seriously, why the fuck would they link a device to my account? What a retarded response you are copy/pasting all over.

Dropballs
June 21, 2011

Show me where I can see a list of people who logged into my account via the web interface. Seriously, why the fuck would they link a device to my account? What a retarded response you are copy/pasting all over.

NoApologiesEither
June 21, 2011

And they didn't notify users, nor did they apologize.

travney
June 21, 2011

To show people there are other cloud storage services that do a far better

job at security than Dropbox. You should check out Spideroak.

travney
June 21, 2011

Dude, your on a sinking ship.

travney
June 21, 2011

I just got Spideroak tonight. It's great and very secure IMO, but be forewarned that nothing in life is fully secured.

Arashhole
June 21, 2011

Historically speaking, Arash is very brash with users, and tends to make bad situations worse.

travney
June 21, 2011

Denial Denial Denial

Tim Hodge
June 21, 2011

I paid $200/yr.  (I use the past tense because I'm one of those people overreacting and moving all my stuff.)  That seems like a significant enough amount to me to warrant my complaints.

It's irrelevant what I was storing.  Whether I'm storing personal information or pictures of my cat, it's MY stuff and when Dropbox accidentally makes it public I want them to send me an email and tell me a) that it happened, b) how it happened, and c) how they are ensuring it won't happen again.  After they were told about the bug and fixed it, it took them another 24 hours to acknowledge it on their blog, and they still haven't notified their users.

If it was still just a service that offered 2GB free to early adopters while they built their service, that would be one thing.  But Dropbox has moved past that to become a big player in the cloud storage game and they need to act like it.  Communicating with their customers in an appropriate fashion would be a nice start.

grawss
June 21, 2011

I was not asking for devices, I was asking for IP addresses. Secondly, dropping all active sessions is fine and dandy, but how long were those sessions open? How much data was transferred?

All it would take to discover the security hole would be to mistype a password. Your doubts that anyone knew about the hole are based around the extremely small chance that none of the possibly thousands of people logging in mistyped their password.

And considering the hole was found by someone who mistyped their password, I'm not about to side with your doubts on the matter.

travney
June 21, 2011

You should check out SpiderOak. I started using it tonight and its great.

Anonoymous
June 21, 2011

you guys are real dicks… dropbox fixed in 5 minutes… go smoke some weed or drink a beer…

Greg03
June 21, 2011

This is HUGE and you handle it nonchalantly without an actual apology. So worrisome for such an important tool to have this happen. Considering other options.

J. Canha
June 21, 2011

OH THE FATALITY. Please. Crybaby

DanielL
June 21, 2011

Well, SpiderOak (https://spideroak.com) offer zero-knowledge encryption and client side encryption key creation. Also up to 50GB through referrals, mobile clients etc. Feel free to check us out!

Tim Hodge
June 21, 2011

I pay.  Paid, anyway, since I'm on my way out.  The sad thing is all they had to do was send an email yesterday at 5:47pm saying they found an issue and fixed it.  The lack of transparency and openness is the issue for most of us, not the technical issue.

J. Canha
June 21, 2011

Byeeeeeeeeeeeeeeeeee. Thanks for the extra space!

Ricco Ho
June 21, 2011

I'm much disappointed that I learnt this news from my friend's FB feed instead of from DropBox. In case of such critical incident, DropBox should actively notify their customers through emails instead of just releasing a blog entry and expect your customers will read it.

Any will DropBox consider offering a customized encryption key feature? Offload the decryption to client machine. Of course it may lead to some other problems (Performance of decryption and encryption locally, loss of encryption key…) but it also brings some extra safety measure.

J. Canha
June 21, 2011

Dude you freaking own. Everything that was needed to be said.

michaelaleo
June 21, 2011

They fixed it in five minutes… after it was live for the entire afternoon.

J. Canha
June 21, 2011

Byeeeeeeeeeeeeeeeeee. Thanks for the extra space!

Guest
June 21, 2011

Just get your own server, and then do this:

http://hints.macworld.com/arti
Doesn't just have to be bookmarks – it can be anything with free, open source Macfusion.

Beavis De Milo
June 21, 2011

Perhaps if their programmers spent less time in such activities ….?

This isn't AOL, they're trying to represent themselves as a professional company.  Professional companies test their frickin software.  When things go wrong, they notify their user base.

It would appear that they are not a professional company.

Conrad E Yunker
June 21, 2011

“If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. ”

BS! At the least, you should email me the history of my account during the period — let me figure out if there's any “unusual activity.” You guys are history.

Charles Lindsay
June 21, 2011

Ted Wood: There's lots of precedent for Internet systems to fail open: take SSL revocation list handling in most browsers as an example. If a query to a revocation list server fails, the SSL session defaults to “accept the cert”. While this doesn't excuse Dropbox for handling publication of their error poorly, it does show a flaw in your assertion they should be held to a very very high standard.

Sdkf
June 21, 2011

too late, the damage is done fuckheads.. and i just finally created an account yesterday after waiting to see if you guys would fuck up

Stephen Benjamin
June 21, 2011

Bye.

gbuell
June 21, 2011

EDIT: Eh, nevermind.

Mark Vaughn
June 21, 2011

Deleting my dropbox account. This is unacceptable. I had to find out through a random message on Twitter from somebody unrelated to dropbox rather than in an email from dropbox in my inbox.

Rakkhi
June 21, 2011

I read 4 hours to fix… How much is 1% of their users? 20,000. That's quite a lot of data that could be stolen

http://news.ycombinator.com/it

utucuro
June 21, 2011

Well, normally I would like to be able to say that timely disclosure and notification by dropbox was what allowed me to forgive this and keep using dropbox, but sadly, that is not the case, I know about this because I read it was posted on HN. Big mistake Dropbox, do check Seth Godin's article http://sethgodin.typepad.com/s… and decide for yourselves what category you want to fall under in the future. For today, you have lost a user who will be warning people against trusting you in the future.

Tkfanmail
June 21, 2011

Well that's not good. Especially with lulzsec teaming up with anonymous to hack these days, this is verry bad. Removed all my file's for an undefined period of time, just as a precaution.

Rakkhi
June 21, 2011

http://wuala.com/

But wait for iOS 5 then drop it like it'd hot

Robert Basil
June 21, 2011

Link,

Once you have a chance to go Google “Q&A testing” then come back and respond. Until then you need to get a clue. This kind of mistake for a multi-million dollar company is inexcusable.

Robert Basil
June 21, 2011

Yes, and I'm leaving this week.

Wes Cook
June 21, 2011

While I commend your honesty and forwardness, this is too large of a screw up and I won't be considering Dropbox secure from this point forward.

Take a look at the LastPass guys and their devotion to security.  That team is dedicated, and they know what they're doing.  Data needs to be encrypted before it gets to your servers.  You should not have the encryption key.  Everything should be hashed, salted, and hashed again.

Step it up!

colin
June 21, 2011

“A very small number of users (much less than 1 percent) logged in during that period..”most of the “much less then 1 percent” probably typed in the correct password so… the “compromised” accounts are MUCH much less the 1%.

still pretty nasty situation

cjwworld
June 21, 2011

more likely they were busy.  Do you know what they were doing?  were you neck to neck with them?  doubt it.  IF they did emailed 12 million + users, how many would just pack up and go when in reality most wasn't effected at all.  Sure, it was something that shouldn't happened and they did mention that and they did mention what they planned.  Or did that escaped you?

Pazu
June 21, 2011

So are you paying? LOL.

Anonymous
June 21, 2011

I have to agree. Everybody thinks their data is so fucking important. So what if some jackass accidentally got access to your shit. What kind of amazing  cancer/AIDS curing research have you stored on your DropBox account? Mistakes happen and they fixed it. At least they told you about it. How many other companies do that?

cjwworld
June 21, 2011

what!  now you are fishin.. blowing up a small issue to a big moutain.  In 4 hours, how much information is going to be stolen..  really.. NAW.  We live in a imperfect world and imperfect people.. I accept you.

Eddie
June 21, 2011

Are you freaking kidding me?????????????????????????????????

AAA
June 21, 2011

What happened is really alarming, but I appreciate the openness Dropbox is showing. 
What to do now?
1) Notify the users who had login activity during the period about the issue and provide them with a full IP access log for their account.
2) For the future, please provide any user with a web-based log of recent account activity with full IP addresses (see Gmail) and also with a button to sign out all other open web sessions.

Thanks
A

Pazu
June 21, 2011

I'm very concerned with the security and worried about the consequence of this accident, but I think I'll stick to Dropbox unless there's another major bug in the future. I think if you switch to other similar services, similar accidents may also happen.

Dropbox set the bar very high (so it's difficult to switch the service), I'm on my free account, with 20GB (a lot of referrals and play a game, etc to have a total 20GB). Speed is above average, I have used any customer support (which is a good sign indeed), mobile app (iPhone) has rooms to improve but it's still one of the best.

I'm not going to complain, I will be more careful though.

And guys, give them a chance!

Simon Barker
June 21, 2011

Very poor show, very poor show indeed. Setting aside the security issue for a second you guys need to get serious about respecting your customers as well as their data. I have NOT received an email about this issue, I had to read about it on TUAW and then techcrunch, then I read you blog post quoted on techcrunch only to see NO apology. Not until you updated you own blog post HERE do we get the word sorry!

Admitting it was a bad mistake was not enough in this case! An apology, a months refund (yeah, I paid for your service) and an upfront email would make this a whole lot easier for your customers to deal with. Instead you stuck it on a blog I didn't even know you had, didn't apologise and, even worse, it took you four hours to realise that your system was broken and FAILING open!!!!!!!

Get a grip, get better engineers and get it sorted so that your future customers (if you have any) don't have the same experience.

One last comment, 5 minutes to fix is not something to celebrate, you were still open for 4 hours. Adding the 5 minutes to fix comment is similar to a 5th grader claiming that a D on a test is ok because the rest of the class got a C.

Rakkhi
June 21, 2011

If there was no password required they are sure that the correct password was typed? Still how many hacked into Sony bet it was less than 10 people. Mtgox? 1 guy?

Matt
June 21, 2011

UNACCEPTABLE. Your apologiy lame. Why no email notification, no tweets, Im out.. People should seriously considering finding alternative because of the way Dropbox has handled this. PR #fail

vovcacik
June 21, 2011

Wow, another breach. Are you thinking about outsourcing authentication to third party (with OpenID)?

Anonymous
June 21, 2011

What I WANT to know is if my account is one of the affected accounts. I don't want to know that my data is being compromised!

grawss
June 21, 2011

I believe saying, “your information is secure,” followed by, “oops, we allowed full, open access to all your information for a few hours” is pretty serious.

What's even more serious is the idea that every dropbox user still doesn't know if their information was accessed, and as a result cannot know if they have to take the proper action to secure their possibly sensitive information.

You may be naive enough to be fine with “probably,” but even the tiny chance that a single user can be harmed by this security flaw should be taken extremely seriously by Dropbox, and because they are not taking it seriously, the only option for users is to take their business to someone who values their privacy and security.

And to answer your “question,” four hours is enough to empty out more than zero accounts, which is too much.

vovcacik
June 21, 2011

Why am I reading this post 15 hours after the breach was discovered? Send me email next time (oh yeah I bet there will be next time)!

Info
June 21, 2011

I pay for my account and expect better than this.  I promote dropbox to smal businesses but think that from now I will no longer do this.  I am over the last 6 months becoming very concerned about the security issues with this product.  You really need to lift the game substantially, or ….. Very disappointed in where DB is not going at present.

Info
June 21, 2011

Agreed why dont paid at least users get a personal email around these issues!!

Chris Charlton
June 21, 2011

Sounds like I have a lot of passwords and password systems to change this morning! Very disappointed to have stumbled upon this news by accident, Dropbox.

Info
June 21, 2011

should NEVER have happened in the first place, points to an underlying issue internally

Al Briggs
June 21, 2011

If I understand this correctly then it seems that it took 4 hours for someone external from dropbox to stop this problem and then it took 5 minutes to fix.

There are three problems for me this that stand out:

1.The length of time to identify the problem – the 4 hour window when only an email address was needed to access the account.
2.That an external agent had to point out the problem – how many other 3rd parties realised that this bug existed and looked around using just email addresses?
3.That the fix was applied in 5 minutes  - why was dropbox not brought down for a thorough security audit after this problem was identified?

Points 1 & 2 have arisen from an appalling testing regime that doesn't include any negative tests for the  - this I hope can easily be fixed – I would hope these have already been fixed.

The big problem from this is point 3 and the root cause of 1 &2  - a shocking disrespect for user security from the technical & management teams at dropbox – which seems to be disconnected from their marketing team who push security as a major benefit of the service.

That no negative testing was happening shows at best incredible naivety about security testing procedures at worst terrible arrogance about the robustness of their security systems.

I think the problem maybe arrogance about robustness when you consider that rather than shutting down the service and doing a security audit on the code a decision was made to rush out a patch in 5 minutes.

Dropbox now need to work hard to show us users that they take security seriously – this has exposed a serious institutional attitude problem to security that may end up in them having to introduce encryption to all files if they can't transparently talk about how bad this problem was. Ultimately I think they might have to sack some people to show how this problem has been solved – but they may be able to find simpler ways to reassure people that they take security seriously (HINT: a 3rd party security audit of the codebase and procedures with the results published might start getting there).

dnickelson
June 21, 2011

The problem isn't the average user's data, it's the user that might have been trying to convince their company to let them implement a business tool based on dropbox…or dropbox offering any type of enterprise solution.

Arashhole
June 21, 2011

Arash: your response is too little too late.

“I'm sorry, and we'll notify you real soon now” doesn't mean anything when you don't post it until thousands of people point out that you're a fucking asshole who didn't apologize at all, and didn't notify anybody.

And this isn't the first time that your responses made a bad situation worse.  That seems to be your modus operandi.

vovcacik
June 21, 2011

Dropbox was opened to anyone for hours before they noticed it. Then they fixed it in minutes which also means it was some dumb bug.

vovcacik
June 21, 2011

What information could leak?

Data?
Personal information (including name, email)?
Passwords?

Marc Steele
June 21, 2011

come down Tony!

Trey
June 21, 2011

Where are the further updates? Why haven't I received an email yet from dropbox? How dare you try to downplay this massive failure!

cjwworld
June 21, 2011

sure, you are right, but wheres the proof?  I am not saying its NOT serious.  I tried SpiderOak, and I got hacked.. So security is not 100%,  I feel, its blown to way off proportion.

Abel Maio
June 21, 2011

As Tony Webster said “ This clearly indicates the need for re-engineering Dropbox security.”. 
In faculty we are told that we must test everything specialy in critical situations.
A a script with a lot of unit tests will have prevented this situation.

And Unit Tests are not to pass allways. One test to login with success, another test to fail login to see if the authentication is done correctly.

Man… I really love Dropbox… But now I'm sad… How can I tell my friends to use Dropbox when things like this happen? 

Skydrive never had this kind of problem…

@surlydev
June 21, 2011

Now we know where the Sony PSN developers went to work after they got fired.

e.p.c.
June 21, 2011

This isn't the service I paid for.  I thought about this for a bit, and seriously guys, this isn't professional, it isn't respectable, it isn't even understandable.  I am a paying customer and I had to find out about this over 24 hours later while casually reading someone blog? Nothing on your twitter feeds (either of them). No email. 

You really had only two things you had to get right with Dropbox: syncing files, and keeping them secure.  While I appreciate how great your file syncing is, this security lapse is the last straw for me.

Rob
June 21, 2011

Oh hey guys, no biggie. If it wasn't for every tech blog/site on the internet, I would never even have known this had happened.

Steve Morton
June 21, 2011

I think extra free space for everyone for this drop in security

Steve Morton
June 21, 2011

I think we should all get some extra free space for this security lapse.

And how many other incidents have there been in the past that we haven't been informed about…

Rjacobson
June 21, 2011

I'm tired of these excuses for Dropbox.  ”If you expected Dropbox to have effective security, you're an idiot, and it's your own fault for believing Dropbox's PR.”

Dropbox first argued that everything was encrypted, and no one at DropBox could have access to your data without your password.  That was a lie.

Then they recanted, but said that everything was super-secure, so there wasn't a need to worry.  That was also a lie.

Abel Maio
June 21, 2011

Remembered when the LastPass team found a little more traffic than normal. They immediately ask all the users to change passwords and send a mail explaining all the situation. No secrets.

For some people this mistake happens. For other this is the end.

Personally I don't think of deleting my account. I still love Dropbox. But I maybe use also TrueCrypt for the more sensitive.

But no email explaining what happened?

Abel Maio
June 21, 2011

Why is everyone thanking for the extra space? 
There is no extra space for anyone. Everyone will have the same.

But as an apologie Dropbox can give every user a boost on space.

Rjacobson
June 21, 2011

I stored my tax returns on my DropBox account.  Am I an idiot for having trusted DropBox's promises of security?

Joe Rowley
June 21, 2011

Eh big deal, it's a free service, I get what I paid for and I still love y'all. Keep up the good work and love you guys.

Abel Maio
June 21, 2011

This isn't just a mistake. 

Remember, this is a business. Dropbox is suposed to be used also on an enterprise environment. 

Also, there's a team being Dropbox. Not only one person mistake. Also there are basic rules for making software and testing that they teach on faculty. 

And I make my words the reply of Robert Basil.

Chris Cardinal
June 21, 2011

I would like to believe that something as crucial as authentication code would be unit tested and source controlled and require some pretty intense scrutiny before getting deployed to FUCKING PRODUCTION but perhaps that's naive. What the hell? I know they're working on auditing access records, but we need a complete post-mortem as well. This sort of thing should never, ever make it to production. It just *feels* sloppy.

Rjacobson
June 21, 2011

Byeeeeeee!  Thanks for the lack of security.

Abel Maio
June 21, 2011

Totally agree with you.

Not leaving Dropbox. That's too extreme and because there simply aren't other as good (as far as I know). Also I have a lot of space because of my referals. 

But I'll take new precautions. TrueCrypt it's a nice idea.

himself
June 21, 2011

This looks extremely interesting but one thing bothers me. How do you detect redundancy in history if all the data is encrypted? On the client? From all the history or only the latest version? Which means you have to encrypt and store only changes, but then you'd have to download and decrypt the base revision + all the change sets (and since you keep infinite history you're to download EVERYTHING about that file). Would that scheme really scale? You'd probably have to upload key revisions from time to time…

Anyway, it'd be nice to read about all of that in your technical guide!

dogbomb
June 21, 2011

Prevention is better than a cure.

dogbomb
June 21, 2011

I'm just shocked that I'm only just hearing about this through a third party news email, rather than an email from dropbox themselves. Not everyone reads blog posts, but everyone tends to check their emails for alerts. 

Very bad form, dropbox. I am currently looking at the offerings from competitors and seeing if I should cancel my paid account.

Rjacobson
June 21, 2011

My paid account is cancelled.  Dropbox, I enjoyed the short time we had, but i can't respect a relationship that is premised on a lie.  I'm sorry to see you go.

Rjacobson
June 21, 2011

No, it's not “common sense.”  Dropbox repeatedly promised that they were a secure service and that everything was encrypted.  They screwed up, plain and simple.  Please stop sounding like a battered wife — “yes, they abused me, but it's my own fault for having trusted them.  I just need to behave better, and then everything will be OK.”

Logos
June 21, 2011

they (Wuala) didn't take too long to react to the news … doesn't matter if they're probably trying to take advantage of the situation, what they're saying is right:
http://www.wuala.com/blog/2011

… and yeah, Dropbox security is a disaster, starting with encryption at server level not being user dependent, that's a shame.

Sj
June 21, 2011

The new “Crisis 101″ manual says just wait out the rage and they'll all forget.  Unfortunately, they're right, so they continue with no encryption or proper testing.

Missd
June 21, 2011

Where's my email? I found out about this on Facebook, unreal…

Sj
June 21, 2011

The new “Crisis 101″ manual says just wait out the rage and
they'll all forget.  Unfortunately, they're (Dropbox) right, so they continue with
no encryption or proper testing.

lakshman
June 21, 2011

lame

h e
June 21, 2011

The 'less than 1 percent' part makes me cancel my subscription. Obviously you don't take this serious enough … what is one percent? Only 10k accounts broken into? Oh well, that can't be too serious.

Yeah guys, I like your attitude. I'd like to see you driving my cab or flipping burgers, but I probably don't want you to have access to my data.

Roland Ulbricht
June 21, 2011

I emptied my account and will switch to another platform unless I get notified that something about the system has changed.

Jon Weedon
June 21, 2011

A friend recommended dropbox to me recently and I haven't got around to trying it out yet. Just wanted to say that I am deeply impressed with the fact that you have allowed this thread to remain on full view despite the obvious anger from some of your customers. I have no idea whether or not your customer communications around this problem were good or not – reading this thread would suggest not, however the fact that you have allowed your customers to vent their anger in public on your own blog speaks volumes.

Many companies would have over moderated or even disabled the comment functionality completely. Kudos to you guys for not doing this. Technical issues aside, this alone makes me inclined to open an account. Good luck!

Alain
June 21, 2011

I deleted my dropbox account today, I simply do not trust you anymore. You guys are sloppy .. I'm going to start using SugarSync … they even give you more space!

David Low
June 21, 2011

Okay, so Dropbox screwed up with public relations. But hey, you're storing your stuff in the cloud. No service is 100% secure and everyone know that.

Even with big companies like Google, a minor code change have brought their systems down to the knees before. Unexpected issues always pop up once in a while, and it's how the company handles it. Let me ask you and all the other 41 people who liked this post. How many of you are using the free service?

Sure, we all flame Dropbox now, but at the end, who's still the one of the best file storage service out there that has achieved a good rep and service in in 3 freaking years?

JS
June 21, 2011

Now that's what I call a serious bug! Please inform EVERY SINGLE USER whose account has been accessed by using an unverifyed password. If you can't do so, make sure to provide an email granting all users access to detailed logs concerning their accounts for the entire period of this unbelievable stupidity!

Julien Dubois
June 21, 2011

I am a PAYING customer.
I would have appreciated an email notifying me of the problem, as well as a log telling me if my account was accessed during that time, with which IP addresses.

littlemog
June 21, 2011

seems like dropbox made a mess here.

Denis
June 21, 2011

This is exactly why client-side encryption is so important, and why DropBox initially pretended that it was what they did.  With real client-side encryption, a bug or rogue employee, can't access my data.  That's two strikes, I'm off to find a company I can trust with my data.

Pj Elkins
June 21, 2011

it IS common sense. Ur gullible to believe that ANYTHING is secure on tha internet. Heres a good rule of thumb for tha n00bs: anything u put on tha internet, is ON tha internet; nothing is safe from sum1 who wants ur information, no matter HOW much encryption u got protecting w/e u got on w/e site.

by whining about how dropbox broke their promises and lied an are unprofessional, u are accomplishing nothing. its pretty obvious to any1 that does a search on their favorite search engine right now that dropbox is tha most simple online storage available, and its free. if ur worried bout security, go buy a portable hard drive, or a flash drive, otherwise u just sound like ignorant fools when u whine about a great service that does wut its main objective is: store data online and sync between PCs/etc.

alrite, im done givin my 2 cents; i hope i succeeded in informing u n00bs who think security exists on tha internet.

Jochem Kossen
June 21, 2011

'A very small number of users (much less than 1 percent) …'

How many accounts is that? 1 % of 1 million is still 10000, which is quite a lot in my opinion. And I think Dropbox has quite a lot more than 1 million accounts.

Jimmy
June 21, 2011

Uhhh, everyones data is important to themselves.  So what if you keep all your kiddie porn there and don't care who see's it.  Some of us keep data on DB that we like to have access to, but don't want the world to see. And DB wasn't exactly forthcoming on the issue.  I didn't find out until at least 24 hours after the fact.  They should have notified all users regardless.

Jahdfjdh
June 21, 2011

вот лажа то, а!

Matt
June 21, 2011

Extra space? Just uploadt to rapidshare.com same security, anyone can access..

Jimmy
June 21, 2011

Agreed, but they could have been a little more transparent on the issue.  For those that are staying, there is a good article on LifeHacker on how to add encryption to your DB account:  http://lifehacker.com/5794486/

Jono
June 21, 2011

@dnickelson – you've made one of the most salient points IMHO.  The effect is not on data security but on PERCEPTION of data security.  I am trying to convince not-for-profit boards/committees and small companies to get onto cloud-based solutions for info sharing &  productivity gain.  I am already dealing with 'oldies' who are still coping with email.  This will send the debate backwards 6 months.

It's akin to a major traffic pile-up in the early 1900's when cars were being mass-produced.  But, like others, I ain't going back to the horse & buggy!

Matt
June 21, 2011

What are you smoking? A blog post that perhaps the most serious security incident Ive seen for a few years and you have to find via tech site aggregators impresses you? Well I some people see the good in everything… I condone murders when they admit to their crime, the act aside, this alone makes me inclined to welcome them with open arms,

Jonathan Ansell
June 21, 2011

yes.
welcome to the internet.

evcz
June 21, 2011

what about adding a 2-step auth like gmail did?
things like this are not acceptable!

v.ovcacik
June 21, 2011

With OpenID you could use any authentication you want. Providers that

support two factor auth I know about:

- sms (google)

- yubikey (clavid)

- lot of other possibilities…

guywuzhere
June 21, 2011

Unit tests, integration tests, and regression tests.
Security cannot be an afterthought.

evcz
June 21, 2011

uhm… how do you login to dropbox using openid?

is that possible only on the site and not on the client?

v.ovcacik
June 21, 2011

Sorry to misleading you. Dropbox does not support OpenID so far. Once it

implements openid, there are mechanism to authenticate desktop client as

well, e.g. one time password for desktop client which can be obtained from

web interface (or other ways).

Support openid in votebox.

evcz
June 21, 2011

ah, ok :)

still less then 400votes… that looks like a long run :(

Rob
June 21, 2011

What a bunch of whiners. Stop bitching! People are making it sound like this was the PSN hack. Get off you high horse, your shit is not that important.

BowieBulldog
June 21, 2011

First of, I love the simplicity of use of Dropbox. But the fact that no one, and not even paying customers (as I am), have been mailed about the problems is of an arrogance I can't comprehend. I don't care if there is a problem, something goes wrong, an error occurs or what so ever, it's still bits and bytes, there are still people at work who can make mistakes. But don't let your customers find out what's going on via all kinds of media, send them a personal email. That's what grownups do…

Oz (It's not only about making money, sometimes you have to do something to earn it)

Casper
June 21, 2011

Dropbox rockzzz !!

littlemog
June 21, 2011

I quit Spideroak after being a paying customer for a few months. If you're going to store stuff in the cloud, just TrueCrypt your data. I don't understand how recommending the other guys makes a big difference – it might create other unforeseen problems (Google it ;) )

fatboyzim
June 21, 2011

All you whinging tossers 'Oh my data might have been exposed' 'My mum uses Dropbox and she had to find out 2 hours later that someone would have seen pictures of her dogging' Please, you bunch of nobody's getting upset that the personal shit you have in there “might” have been exposed.. get a grip wankers

v.ovcacik
June 21, 2011

Unfortunately yes. Maybe there will be some shift in the future. Btw. I am

using google as my openid provider with sms as two factor authentication.

Shame I am not that safe on dropbox too.

Jason
June 21, 2011

While yes, they fixed it in 5 minutes, it was running on the live production servers for FOUR HOURS.  If the total exposure was 5 minutes, I don't think anyone would be complaining.

Hey Dropbox, it's all about QA'ing that code, boys & girls.  We've all made mind-numbingly stupid errors, but with systems that touch as many people as yours, you have to test for stuff like this.

Hostx9
June 21, 2011

No security is 100%, at least you're so hones to tell about this to all
of your user. Some other sites which were attacked by hackers (recently
there were a lot of such attacks all over the net. Sites like Atari, EVE
online etc. were compromised) didn't said a word to the users what is
going on. The only thing they say was that the servers were under
maintenance.

On the other hand users should always be cautious when handling with sensitive data especially on the internet.

Yakov
June 21, 2011

How do you know?

Benjamin Tayehanpour
June 21, 2011

People. If you honestly store things on Dropbox without encrypting them first, then you are all fools with no sense of security whatsoever. Even without this security flaw, relying on a third-party to securely store your data is madness. Even the devs at Dropbox would tell you that, if they're any good.

Also: This is what you get for using closed-source code.

Mojitex
June 21, 2011

Well, I've never paid for using Dropbox. And I would say this is an excellent service, especially because it's free (at least for me). As to the issue of security, I wouldn't recommend anyone to use this kind of online storage whether it's free or not. Don't even think about using the Internet if you want security in a real sense. Use Dropbox just as a really useful tool with which you can do some of your job quicker and easier. The important thing is the trade-off between costs and benefits. I would go with DB as long as it keeps this level of safety–or unless any better services are released.

Anonymous
June 21, 2011

On 6/18 around 6:30 pm, I deleted a file from my account, and then permanently deleted it. On 6/19, the file was back. So apparently Dropbox not only logged off people, but restored some files.

guest
June 21, 2011

why was this not communicated to me by e-mail? why do i have to find out about this from reading hacker news?

Dude
June 21, 2011

Oh relax. You'll live longer.

Great response and handling of this Arash/Dropbox Team.

Pedr
June 21, 2011

Guys you should all calm down and have a look how many updates you have done from microsoft without event been told why they needed to be done. There systems are not 100% foolproof either.

J s
June 21, 2011

blah blah blah whine whine whine bitch bitch bitch… 90% of you are probably on the free 2gb account anyway.

It was a mistake, they fixed the problem and they have learned to now do better unit testing.  You shouldn't be storing critical data in the cloud anyway.

polaralex
June 21, 2011

Absolute disaster. I think it's now time to up your security measures and add cryptography to each individual file. Unless you want to leave the industry.

Guest2011
June 21, 2011

Just out of interest, do you actually pay for the service, or will your leaving Dropbox have no negative effect on them whatsoever?

cliffcheney
June 21, 2011

If they have 25,000,000 users, 1% would be 250,000. Not a small number.

cliffcheney
June 21, 2011

It should not be possible for a small bug or typo to break a 25 million user application. Period.

Rakkhi
June 21, 2011

Cliff you are absolutly right. I didn't have an up-to-date link.

25 million users July 2011

http://www.softwarecrew.com/20

cliffcheney
June 21, 2011

If they encrypt locally in small chunks they can hash each segment for change on the server and only download changes. Sort of like Apple's sparsebundle used in TimeMachine backups.

cliffcheney
June 21, 2011

What did you not like about Spideroak? I have tested both them and Wuala. Spideroak's software seemed more mature and as user friendly as encryption software can hope for.

Siegfried
June 21, 2011

Is it possible to see a Log of every Login attempt to my Dropbox ? If not, please implement this! I could be never safe that anyone else has connected to my (paided!!) Dropbox.

Karim Cassam Chenaï
June 21, 2011

This thread is hilarious. Some people should relax, blame themselves and keep their anger for more important issues.
Dropbox team : I love what you do. A bunch of new unit tests will solve this problem, et voilà.

Ben Steenhuisen
June 21, 2011

Hey, you guys screwed up. But you admitted it to everyone, you patched the solution and you were prepared to ensure no data was stolen.

This is 100x better than Microsoft offers for its (paid) products, so good work.

Chris Epler
June 21, 2011

New unit tests?  Uhm…like checking to see if a bad password lets you in?  I'd think that one should have been in there from day 1…

Fbdf
June 21, 2011

So, as no data is encrypted in anyway, not only Dropbox staff can access our data without limitations, also a small “typo” of one of them can break security of every single account (which means millions).

I'm afraid this is the end of you and I, dropbox. It was hard to accept that some employees might have access to my files under some circumstances, but this…

js23
June 21, 2011

Unless you paid for more storage you can't complain.

Fbdf
June 21, 2011

And I had to find out through a CMS news blog. No email was sent to me to inform about it. Just great.

cliffcheney
June 21, 2011

True.

Leon Green
June 21, 2011

Who get free storage is up to Dropbox to determine but a striking offer like that is needed, plus a clear plan of how they're going to tighten their detection system for issues like this is needed. An apology is the bare minimum they needed to do. 

This is a huge issue as DB's brand has now been significantly contaminated. Only the naive would think this isn't a serious issue with real PR ramifications.

cliffcheney
June 21, 2011

Not true. They promote themselves using their free user-base number of 25 Million. They would not get as much attention in the marketplace if we weren't here. Look at all the other similar services who for no good reason don't have the free user numbers and can't seem to break into the market. This event will change all that.

Leon Green
June 21, 2011

They have but they can easily deal with the public relations fallout if they act swiftly to get in front of the story and allay any future fears about their products.

Fbdf
June 21, 2011

I simply can't believe there are people in this thread blaming other users instead of Dropbox, because “we shouldn't store sensitive information on te cloud”. Wtf? That's exactly why we use the cloud!

Mark S
June 21, 2011

Hourly updates? I am sure there resources would've been wasted had you got your way. You absolute divvy.

mattmcmanus
June 21, 2011

Thanks for the transparency. Keep on making awesome things.

Rafiul_haq
June 21, 2011

Hi
I was un sync a shared folder that was not my account  it was deleted the owner was get angry to me and he think I deleted them. Then when I re-sync them he got his folder back

Angry Dropbox User
June 21, 2011

This is the kind of thing that just shouldn't happen.  I'm a paying user, and this is definitely going to push me to look for another provider.

Some people, like me, have been constantly asking for OPTIONAL client-side encryption to be available.  Yet, Dropbox continues to avoid the issue again and again.  Now, today, we see how client-side encryption could've been a help.  Yes you lose the immediate access to files on the web, but that's a choice the user can make.  At least include it for free or a small fee (like $1 / month) to cover the increase in duplicated data that would result.

The main reason I'll have to look elsewhere is that Dropbox first of all could use this technology to make accidents like yesterday's essentially worthless, but has ignored customer requests to do so.  The second reason is that you couldn't be bothered employing proper software engineering practices – surely the tests for authentication should try to log in correctly, and also ensure that an incorrect password does not permit login to take place.

tehfuck0r
June 21, 2011

srsly FAIL
lolololololololololololololololololololol

Guest
June 21, 2011

▄██████████████▄▐█▄▄▄▄█▌

██████▌▄▌▄▐▐▌███▌▀▀██▀▀

████▄█▌▄▌▄▐▐▌▀███▄▄█▌

▄▄▄▄▄██████████████▀

tumbleweeds1979
June 21, 2011

I use Dropbox for everything – and understand sometimes these things happen. I feel no different about Dropbox and will continue to use it. As will most people when they get off their high horse and think about it.

Chill out – what's so special on your account that someone else would give a shit about? Nothing, exactly.How many of the people moaning are free users anyway with a distorted sense of entitlement? If you think it's not worth it, cancel. If you're happy to accept the risks and enjoy a really helpful app for next to nothing a year then STFU!

Mollykpotts
June 21, 2011

I was one of those “less than 1%”.  My account is fine.  I appreciate all of you very hard work and diligence.  Molly

mindctrl
June 21, 2011

Cry baby? Facts. I loved the product and turned quite a number of friends and businesses onto it. Now I regret doing so, because of the purposeful lies told by the company.

skimble
June 21, 2011

Count me among those who will be sticking with DropBox, but who does feel a little disappointed in the handling of this bug and notification of changes to the terms of service.

Perhaps the best way to silence detractors would be to offer client-side encryption for certain folders in the Dropbox. As I understand it this would render the web tools impossible but it would give an extra level of security for particularly important files without users having to mess around with hosting TrueCrypt volumes or similar.

I sincerely hope that the negative criticism and users jumping ship will not significantly impact the DropBox userbase as I for one find DropBox to be an invaluable tool.

name
June 21, 2011

Stellt euch nicht alle so an.

Andrew .
June 21, 2011

Pretending it “ain't no thang…” is irresponsible and bordering on arrogant.  I'll continue to use Dropbox for non-critical work, but this event has shown me the people behind Dropbox haven't matured as quickly as their product.  No automated unit testing of security? WOW.  On the plus side, this event gave me cause to discover the wonderful Spideroak https://spideroak.com/engineer… which I will now use for any serious backup/syncing.  I'm sorry you guys have been been getting kicked in the nuts these past months, with all the security scares.  I've been a happy Dropbox user for years, and I've done my share of spreading the word and generating referrals.  Like other Dropbox fans it pains me to watch Dropbox go from startup darling to despised buffoon, from striding ahead of the pack to reversing direction and running headlong toward the deadpool.  You can blame noone but yourselves.  I can't complain because I only used the free account — but the folks who paid for upgraded services can be rightfully shocked at this inexcusable lapse.

Nomatterwhatm
June 21, 2011

ok, wuala isn't free anyway. dropbox basic instead yes

dalelane
June 21, 2011

“Remembered when the LastPass team found a little more traffic than normal. They immediately ask all the users to change passwords and send a mail explaining all the situation. No secrets.”
True… but look how much shit they got for that. 

The “OMG! LastPass security breach!” media coverage wasn't the best reward they could've got. 

(Not to say that this isn't how companies should behave… just that the media could do more to encourage it)

James
June 21, 2011

i am wodering how many from you are paying for adropbox service.
i have the free email , and i can complaine.
if i would pay for it, i would expect to get beter security.
DB as a service is woring fine for me and i can accept 2 miskates in 4 years.
i dont have there anything secreat

Manolo
June 21, 2011

Come on… what where you thinking, guys? I know many people who say they don't want to create a dropbox account, because it means putting all your data on the internet.. this does not support many counter-arguments on security..

Guest
June 21, 2011

Wuala is free for one Gigabyte or when you share unused storage on you HDD

Johannes
June 21, 2011

Taken from the comments in the relevant thread over at the forums:
If you can't be sure about your authentication code how can you be sure about your logging code?
Bottom line: you should notify ALL users!

Robert P
June 21, 2011

Vote on this to remove this as a security issue: https://www.dropbox.com/votebo

Jari
June 21, 2011

Excellent! Couldn't agree more :-)

Take 3 on tech
June 21, 2011

I have full faith in the dropbox team. I am sure they will do the right thing for its users (mostly because we the users are its number one product).

Quick question, Arash… do you have the IP addresses or any other location information for logged in users during the period? If so, did/will you use that information to help weed out false positives?

Dj Famer
June 21, 2011

Ok, thanks for caring

Leon Green
June 21, 2011

It appears SugarSync does a free option of 5 gigs: https://www.sugarsync.com/sign

Jane Grayson
June 21, 2011

I am a new user and wondered how secure this or any other cloud would be. Reading all the blogs to this point, it seems none of them are truly secure. The suggestion of a flash card/portable hard drive as the alternative is probably the most secure anyone will get. 

This breach of security is not clear to me, but I agree with Tim Hodge that it should never have happened and that the users were not properly notified. I believe the notification process is more distressing, as many users were probably using the service while still vulnerable to this breach. Will I switch? I am using the free service and have nothing worth anyone's notice. So I will wait.

methecooldude
June 21, 2011

I spot a Microsoft lackey…

Christian S.
June 21, 2011

You know what? Even if the wording is a bit harsh, I'd usually agree with you.
But there is a huge freakin' difference between not 100% secure and not even protected by a simple password. If this was the result of some kind of hack like it happened to Sony, some obscure exploit or whatever, I wouldn't say a thing – shit happens. But leaving everyones data wide open, without the simplest password protection, because they didn't test their code, that's an entirely different thing and it's a new magnitude of failure. It's personal data (e.g. family pictures), financial data (tax returns or similar), enterprise data (source code), everything open for everyone. And not by way of an exploit, a hacker attack or something, but because they didn't do a single damn test of the login process. I'm a software developer myself and I'm the first to admit that there can be bugs and not everythings perfect. But with critical data like this you better test your damn ass off! There can always be some weird, unforeseen chain of actions that will lead to buggy behaviour or exploits, but come on… They didn't even test how the system reacts to a wrong password. This is ridiculous.

What's almost worse is how they handled the situation. I wouldn't even know about it if I hadn't looked into the forum where someone mentioned this blog post. If something like this happens, I want to be informed. Codemaster was hacked the other week, and ages ago I seemingly registered there. There's not much data there, a username and an email maybe. But even they sent an email to inform me about it and apologized.
Dropbox instead is currently trying to hide it, hoping that as few people as possible find out.
This is unacceptable.

Jari
June 21, 2011

It will be probably always a bit of a problem with cloud based storage providers, especially those offering free solutions. Finding a balance between convenience and security is a challenge. Perhaps encrypting the most important/sensitive files would help a bit?

Jari
June 21, 2011

Dropbox is a a good storage solution for non-critical and non-sensitive information. However, I have some doubts that many IT professional would seriously recommend the CIO of their company or financial or governmental institution to rely on Dropbox or other similar services to store their confidential information.

Andre Williams
June 21, 2011

Afraid someone is looking into your porn?

Johnnierock
June 21, 2011

what are you going to recommend your friends switch to?

Mattchewie
June 21, 2011

I hate to say it but I agree with most here. I understand that things can happen but a 4 hour window in which all data was available to anyone is quite large and the most damning is that most users only know because of reports on 3rd party sites.

Once the scope was known, an email should of been sent to at least inform.

Stephen
June 21, 2011

What about services that promise to encrypt your files client side and then store them that way?

Stephen
June 21, 2011

I'd take the horse and buggy if every new car had a newfangled bluetooth system that let attackers adulter your passengers.

cliffcheney
June 21, 2011

Dropbox started out saying not even their people could read our files. I kept business financial records there. My bad for believing them. I have moved to SpiderOak. They are promising secure client side encryption and it has been working well during my testing.

numpty
June 21, 2011

Yes. Nothing on the internet is truly secure. Never has been, never will be.

niss
June 21, 2011

ITT: a bunch of idiots complain that their porn might've been discovered after uploading it to a public cloud storage service completely unencrypted.

William McVey
June 21, 2011

Cliff, you obviously haven't much experience in software engineering. The size of the bug (e.g. a “small bug”) rarely has any correllation to the potential affect of the bug. E.g. a small off by one bug can result in the total compromise of a piece of software. The simple act of freeing the same piece of memory twice can crash a program, and 'if' statement that uses the '=' operator versus the '==' operator can force the 'if' statement to *always* return true. Bug complexity does not translate to potential impact of the finished product. That being said… this kind of bug is not some some deeply nested logic bug. It was something that very easily could have and should have been caught by probably the first or second unit test (“Can I login with a correct user and password combo?”, “Can I login with an incorrect user and password combo?”). The fact that the bug made it into production is what is most disappointing to me.

Richard
June 21, 2011

Dropbox,
Although this type of breach is unacceptable I applaud you for publishing this page that is very transparent. People here need to understand that breaches, and bugs happen every day. Many of which go unannounced.

Although public pressure may have lead you into releasing this letter, and the updates you have done the right thing by informing the users. I hope that this behaviour will continue, and will be added into your security processes so further breaches are treated the same.

Randal Schwartz
June 21, 2011

Take a look at Wuala. Client-side encryption. They never have your password. Been using them for a while. Great thing is, you can get tons of extra cloud space for free by loaning them part of your always-on-the-net hard drives.  I have 150GB for free, for example, by loaning out part of my multi-terabyte Drobo that I'm not using for the moment.

Gft1950-best
June 21, 2011

Dropbox,
This kind of things happen to all the services once in a while, but when it happens to you, you do not hide it like others may not do. Thanks to your great forum! You keep all the good and bad comments in you forum. Other services only keep the good comments! Thank you for being honest with us. Don’t get discouraged by the negative comments. From every unpleasant incident a lot of good come out. Now, you could prepare yourselves better for such incidents to make your site even more secure! I have been using your service for over 2 years. I love it and I will recommend it to anyone I know.

DevilWAH
June 21, 2011

Hold on a second,

First there is no information about how a person could have access durring that time.

Almost all systems in existence have some weakness, half the battle is knowing there is a weakness and the the other half if exploiting it.

I would dam well hope Dropboox kepted quite if they knew there was an issue and where in the process of fixing it. Last thing you want to do i make it known to the world that there is a optunity to abuse.

They fixed the breach, posted a blog to inform people and if like me your account was affected, sent an email explaininf if you where logs in and what activity had taken place during that time.

If you are a buisness you are a fool to rely on a single method of security, or even mutiply methods from the same source. expicaly when you are asking some one else to house your data.

Do you think the MD would use the cloud to store there top secreat docs, allow a third party to hold them!! Of course not, Cloud is for portability and mobility, which both in them selves introduce weaknesses in security.

So how many people actuly lost any info? or had there accounts compromised in any way, any of the < < 1% ???

Some people need to put there toys back in the pram and get down of there high hourse. You have no idea what it is like running a enterprise network / computer system sytems and things are always going to crop up. ITs how you deal with them that matters, not that they happen in the first place.

4min to fix a bug once it was discovered on an enterprise service!! thats not bad going as any one who has worked on enterprise networks will know!

Bugsy
June 21, 2011

Guys, I appreciate your concern EXCEPT that for non-techie guys like us who thought it was easy to use Dropbox, this thing is too complicated.

Dale
June 21, 2011

I have to say after reading the posts here and being in the software industry, that people don't understand software development.

There will ALWAYS be bugs, its impossible to eliminate every bug so that a user never sees it.

DropBox has shown to me here that they were quick to react, honest and transparent in what happened, and appropriately notified customers who MIGHT have been affected.

Now whats the chance someone stole your stuff.

1. You need to be one of the 1% that logged in during that 4 hour period.
2. That means during that period someone out there had to know about the bug
3. The someone who knew about the bug, has to know you had an account on DropBox
4. The someone who knew about the bug and that you have a dropbox account has to know which email address you use for DropBox
5. And if all the above is true, they have to login and look at your documents.

I'd suggest the likely hood of this having happened to anyone is almost 0.

So take a breath people and stay calm. But remember, there will ALWAYS be bugs.

Mmcconnell
June 21, 2011

Looks like I won't be renewing my annual account. First the lies that your sysadmin's couldn't read my data when in fact they can (http://yro.slashdot.org/story/
Now this? You'd better be doing something impressive over there to ensure this doesn't happen again and provide some damn good detail.

Foobar
June 21, 2011

Seriously:  It was NO ATTACK but a bug. And it was a inexcusable one. What would you say if you die because your electrician left blank cables? Shit happens?!?!

Nobody is perfect but a few things are inexcusable because such a simple but serious bug simply shows carelessness and missig unit test. It is that simple. 

Foobar
June 21, 2011

It was a inexcusable bug, not an attack or something like that. Nobody is perfect but a few things are inexcusable because such a simple but serious bug simply shows carelessness and missig unit test. It is that simple.
Example: What would you say if you die because your electrician left blank cables? Shit happens?!?!

pjm
June 21, 2011

God help us: we *know* already. Just do it, for everyone's sake.

Fiesel
June 21, 2011

Support OSS: http://www.syncany.org/ - if this get's some more support, we don't have such problems in the future. It is that simple.See http://www.webupd8.org/2011/05… for details.

Luis Felipe Arias
June 21, 2011

I'm so concerned wt my files, I'm on 1% :S

Walid
June 21, 2011

I think if Dropbox team share the logs results or activities for each user by email whom own those accounts, it will be better, and the users will trust Dropbox team.

Christian S.
June 21, 2011

Just look at the difference:
At SpiderOak, you got hacked. Not 100% secure, okay. No biggie.
At Dropbox, one didn't need to hack you. All they needed was an email address. Not just “not 100% secure”, but zero percent. No protection at all. Because they were too lazy to do the most basic test on their authentification. This, in fact, IS a biggie.

sanbasl
June 21, 2011

You mean to tell me someone is stealing my already stolen music?! The nerve!

Guest
June 21, 2011

Please send an email next time! 
I came here by chance.

Juancho Tazo!
June 21, 2011

You may use truecrypt, if someone has access to your account, they also need to know the key to recovery your cyphered files. Besides, it gives you more privacy..
Since you are doing this, even dropbox staff can't be able to read your documents.. it's always your fault if you don care about your privacy, never rely on a single point of failure to blame every one else.
Sorry for my english xD

Ken Howard
June 21, 2011

The thing that all of you naysayers need to remember, is that when they published the new code update, they had a fix within 5 minutes.  Nobody knew about the vulnerability, and thus statistically, the number of “bad people” who might have had access to other people's DB accounts were slim to none.  Seriously…you think there's an armada of hackers just sitting there WAITING to get into your DB account?  Are you daft?

They've spent countless hours researching what went wrong and trying to find anyone who MIGHT have been compromised…but that doesn't mean you did.  Everyone makes mistakes, but at least this mistake was under the radar (until they reported it themselves) and had a .02% chance to actually affect your account negatively.

So shove it, get a life, and stop stomping on DropBox.  There are much more important security issues going on at the moment with higher valued companies than DB that you could be bitching about.

Micho
June 21, 2011

I just don't store any sensitive information on Dropbox… and I only keep it there the time my friends access it and download it !!?
I never felt storage on Internet was 100% safe anyway… I even archive my important E-mails on my own disks !
I only trust Bank sites, because they have double and triple security !
This way, I don't let my secrets accessible to hackers…

Fuad
June 21, 2011

Good Catch and Good Fix
Awesome Job Keep Up

scouser73
June 21, 2011

It happens, and it's a shame that it did happen but it's done now and Dropbox have fixed the issue with it.

Dan C
June 21, 2011

Exactly!    Good summary Dale!  Thank you!

Vladimir Jirasek
June 21, 2011

This is very disappointing and shows the issues in the quality assurance process and security review of the Dropbox security architecture. Inevitably, I will not be renewing my account with Dropbox and only store documents with classification ” “Public” on it.

Fiesel
June 21, 2011

There is a difference between “I expect 100%” and “I trust dump developers without unit testing”. I expect 99%. Not 10%.

Matt
June 21, 2011

Faud, You for to commend them on their open communication, i.e. the email all us dropbox users got, the tweet, the same day notification (cough couch)

Bill Sodeman
June 21, 2011

How about a dedicated page on the Dropbox web site for these announcements? Because posting them to an old article in your blog is bad PR.

Matt
June 21, 2011

Ken I think you misread. 5 minutes or 5 hours to fix isnt an issue, as once aware you either can fix it immediately or can not at which point you take it offline. The vulnerability exist for 5hrs, anyone that was in the process of brute forcing or randomly guessing or fat fingered their own attempts would of been aware of this.  0.02% you say – do the maths – how many affected?

Bill Sodeman
June 21, 2011

Actually, this should never happen. It's inexcusable.

Noah Buddy
June 21, 2011

Tell me, are you paying for your account or using the free one?

Basetta
June 21, 2011

Yes . I encrypted all my sensitive data that I have on dropbox :)

Bill Sodeman
June 21, 2011

SpiderOak is as slow as molasses.

Noah Buddy
June 21, 2011

It's precisely because security is important to many people that this should never have happened. Yes, we all make mistakes but some things are that important that you don't let them happen.

Can you imagine finding out on a blog that your bank had left it's vault doors open for four hours but it's okay because you don't think any money was stolen? Are you seriously telling me you'd be okay with that?

Remember it's not that long ago that dropbox started up business accounts. Do you really think businesses are going to pay for a service that doesn't test its updates properly.

Just imagine if you'd looked at the service for the first time and it said “fewer than 1% of users will ever have their data put at risk”…

Me
June 21, 2011

You have a free account don't you?

Gwenn
June 21, 2011

Maybe you should stress that you fixed the situation within 5 minutes of being aware of it… because I'm not certain other people are getting the picture.

I think you're handling this situation very well, and I thank you for it.

Joel Day
June 21, 2011

Your service should never have been architected in such a way to make this kind of failure even remotely possible. If your service worked the way you claimed it did, this would've been impossible. It's pathetic that you still won't admit that you were being deliberately misleading about the security of the service in order to attract users.

Guest
June 21, 2011

There was an apology. “this shouldn't have happened” .. “we're very sorry”

GR
June 21, 2011

I'd be willing to be that 95% of those who think this is no big deal aren't paying for it.

No
June 21, 2011

Don't be silly. Some mistakes are avoidable. “oops, sorry we nuked your house, everybody makes mistakes” is never going to fly.

Peyton
June 21, 2011

I got my email an hour ago…. fml

Matt Merkle
June 21, 2011

But on the horrible, horrible downside, you basically don't have online access to the files. That's the whole reason Dropbox doesn't do that sort of encryption, because there'd be no web access. It's one of the major reasons I use it.

Not to mention, people here apparently didn't read that less than 1% were affected, and those that were have been notified personally via email. Yes it sucks that it happened, but frankly this is a far better response than any other company with security issues lately.

Also, lending out that much disk space is really detrimental for the average user, since it requires significant upload speed. That can slow down their connections without any warning, and also cause problems with bandwidth caps.

Matt Merkle
June 21, 2011

Even with this security issue it's already much, much more secure than the average email server. A ridiculously large amount of email servers do not even use SSL or encrypted logins. Some don't even support it as an option.

Alvin A. Smith
June 21, 2011

But it took them four hours to be aware of it.

Paying Customer
June 21, 2011

Yeah, it'd probably take a free user to come up with that garbage.

“If you pay someone to securely store anything you think is important to you then you're an idiot and should just take a chill pill”

They sell business accounts too. Do you really think businesses are just storing stuff they don't care about online?

Dropbox isn't just a freebie, it's a business that sells a service and it isn't your place to decide what is and isn't important enough to get worked up about.

As you seem to think that only paying customers could have a reason to complain kindly keep quiet.

Your service isn't really free you know. There are salaries and operational costs being paid here, you just aren't the one paying them. If dropbox is profitable already then it's the paying customers who are covering your costs, if not then it's the investors and the paying customers.

vr8ce
June 21, 2011

Wow. First you lie about employee's access to your data (sorry, call it what you will, you lied), then you completely screw up authentication such that there isn't any, and YOU DON”T NOTICE IT FOR FOUR HOURS, and then you don't bother notifying users that it happened nor do you apologize for it (until several hours later).

Are you TRYING to get people to drop the service? I don't have anything critical on your service, but I'm going to drop it anyway. Dropbox exemplifies what is wrong with the “cloud storage” in the first place.

Darragh Flynn
June 21, 2011

what!? this is ridonkulous! i don't hold anything valuable on dropbox but for those who do…wtf?!

Matt Merkle
June 21, 2011

How do you know they don't have testing? Perhaps the real bug was the fact that the test was written incorrectly? This isn't without precedent for even enormous companies like Microsoft or Google. They made a mistake, and they're doing everything right to make sure it's taken care of. There's no need to chastise them further over it, in my opinion.

Jeremy
June 21, 2011

Agreed. I recently tried to log into my account with the same password I enter all the time. I tried several times, but couldn't log in. Finally, I had to reset my password. I contacted Dropbox about the problem, but they couldn't help me. Dropbox says that they don't keep track of account activity like password changes, and that I should check the devices associated with my account on the web interface. *Great.*

I'm also looking for a more secure alternative. Dropbox is seeming less and less secure.

MrBrianOJee
June 21, 2011

Christ will you relax man. Huffing and puffing like a tool… Human error happens. Climb down off that high horse of yours and out behind your hoodie

Robert Basil
June 21, 2011

Bill asked the question so that's why I answered him. Don't like my response,  feel free to keep scrolling down.

Randy A
June 21, 2011

Sorry to say it, but I lost trust in Dropbox a couple of privacy issues ago. I still use it for stuff that I don't see as private or personal, but I won't ever pay you money to hand out my data to anyone that knows my email address. Sorry. Your service is great, your privacy track record sucks nuts.

facebook-691511929
June 21, 2011

I applaud Dropbox for not hiding anything in their handling of this issue. Fess up (check), advise people what they need to do if they're concerned (check), and keep customers updated (check).

TFY
June 21, 2011

Blame themselves? For not getting what they paid for and what dropbox still promises on their website?

“your files are always available from the secure dropbox website”
“all files stored on dropbox are encrypted (AES-256)”

Yeah, totally unreasonable of them to think that their accounts wouldn't be wide open for 4 hours.

Schot
June 21, 2011

Completely unacceptable — huge gaping security flaws like this are going to destroy your brand and your plans for growth.

Neilpmc
June 21, 2011

Are you planning on notifying your customers? How you are handling this is a pr disaster.

Guest
June 21, 2011

Actually, you won't say anything if you're dead.

Bogiewan
June 21, 2011

Bank = Apples
My Data = Oranges
I would not be using a free service if my data was that sensitive.
You guys are too self important. Shit happens.

Michael
June 21, 2011

They didn't do any of that. They said nothing for more than a full day and then tried to downplay it. And the updates were very late and very terse.

Adam K.
June 21, 2011

Being “better than bad” isn't an upside.

Dropped Box
June 21, 2011

Aside from the actual security problem, the way it was handled was atrocious. Why was an email not sent to every account holder explaining what happened?  Why do we have to find out about this on Slashdot?  I envision a company that is VERY loosely managed by inexperienced people.

Alex Laird
June 21, 2011

Yah, only 250,000 people … that's no big deal.  Carry on, Dropbox.

https://www.dropbox.com/terms#

Oh, by the way, have you heard of unit and regression testing?  Because it's something you should be doing before each new drop.  And it's something you should be doing if you're “protecting [my] data to the best of [your] ability”.

cliffcheney
June 21, 2011

Let me rephrase: It should not be possible for a 'dumb' bug to make it past testing into the wild were it breaks a 25 million user application.

I don't think you should criticize my experience based on a turn-of-a-phrase in a single sentence and then agree with my general point.

Dropped Box
June 21, 2011

'Fessing up' and 'advising' is immediately emailing me directly to tell me my supposedly secure account was exposed and giving me links to further information, not finding out about it on Slashdot and digging further on my own.

Alex Laird
June 21, 2011

If you're defending their use of testing, you're affirming that their logon and authentication regression tests (if they have them) were broken.  The most fundamental tests they wrote?  The tests they wrote when Dropbox was born?  And you're suggest their software engineers wrote them wrong?

Then we should TOTALLY be trusting these programmers with all of our data!

Dropped Box
June 21, 2011

A look at the CTO's LinkedIn page shows him with a jester hat.

http://www.linkedin.com/in/ara

How fitting.

KH
June 21, 2011

You should notify your entire user base.

Ryan
June 21, 2011

Dropbox should have taken the “LastPass” approach. 
(1) Lock down everything immediately. 
(2) Notify everyone that there's been a security concern and they're looking into it. 
(3) Encourage all affected users to change their passwords. 
(4) Put processes in place to ensure that even compromised accounts remain secure (LastPass prevented anyone from logging into their own account if on a different-than-normal IP until they jumped through some extra hoops to prove their credentials). 

Instead of remaining silent until everything was under control, they should have gone to great lengths to illustrate that “There has been a small security breach. It only affected a very small number of customers, but we're locking everything down so nobody wonders if we could've done more.”

Laurenfeinman
June 21, 2011

Hey folks,

I'm trying not to feel angry b/c it is a free service but i did get hacked and I am not as fabulous with the techie details as the rest of you seem to be.  I am really anxious b/c my whole life is on there…personal, financial and business files.  It seems someone added 200 files on that date.  Does that mean they somehow corrupted all my files?  Or can i just 'revert' to earlier versions?  What do i do?  I work off these files every day for my job!!!!!  

In the email from drop box, they mention, “As a precautionary measure, we disabled any apps. “.  What does that mean to me practically?  If I try to open a file, will i be able to access it?  Also, if I open a file I know i put there, is there a chance it has been changed by whoever hacked into my account?

Really confused and overwhelmed – any wisdom from other cyber-friends would be so kind and appreciated.

Many thanks….

Oz
June 21, 2011

While good, you can't just notify accounts that were logged in. You must notify accounts who shared ANYTHING with those accounts, and thus may have had THEIR data accessed.

Alex Chan
June 21, 2011

We could all have checked for ourselves whether there was unusual activity, by viewing our account events log (https://www.dropbox.com/events ). What’s disappointing is that I had to find that out via Daring Fireball*, rather than from the post above. Indeed, a search for “account events log” on this page yields no results.

Severely disappointed today. I held Dropbox in high regard, even if I knew that it wasn't entirely secure. But your complacency does make me wonder whether I need to look elsewhere.

*Gruber may or may not have got the idea elsewhere, but it’s still disappointing that I’m getting security advice from an external website that *wasn’t* suggested by Dropbox themselves. DF link: http://daringfireball.net/link

Shawn Thompson
June 21, 2011

The problem with SpiderOak is that the interface is baffling and horrible.  I say this as a tech professional who puts businesses onto the cloud. I'd go with box.net way before spideroak.  And box.net isn't that great interface-wise.  But the sharing is intuitive and robust.

Fiesel
June 21, 2011

a) There are PRO users
b) If you should not use Dropbox for important files, they should say so.

Lucas
June 21, 2011

The correct phrase is “_____ hasn't had this problem yet.” Every time I boot up my Windows 7 virtual machine there are new patches for compromising bugs. From a 30 year old corporation with enough employees to raise an army. Technology is insecure because it is made by fallible people. Trusting your data to someone else because of a sales pitch makes you just as fallible. If it matters, be a good netizen and take responsibility for it.

Brian Weiss
June 21, 2011

For all who think this is the end of the world, consider: how would anyone KNOW of  this problem and be able to exploit it? Do you (or anyone you know) routinely try signing in with someone ELSE'S e-mail and WITHOUT entering a password?. . .someone else who happens to also be a Dropbox user? Because that's what someone would have had to do to exploit this.

This was a serious mistake, but I think the chest beating and berating far, far outweighs the reality here. It is interesting to note that NO commenter has yet said anything adverse happened to them.

GOOD companies are made stronger by their mistakes because they genuinely want to do their job well, rather than just excuse what's wrong. I put Dropbox in that category.

Thomas Moffett
June 21, 2011

As a almost two year user of Dropbox who has over 50GB of data stored on dropbox this was important to know about but it was fixed, mistakes happen. Get on with it, now back to work. – Oh and thanks for changing the way I move files dropbox. You have saved me countless hours driving to clients or transferring files to a flashdrive. You are still my HERO!

Kevin Li
June 21, 2011

Agreed.

Jeff Chan
June 21, 2011

Unacceptable.

Aaron Sherman
June 21, 2011

I too encrypt my sensitive data. The problem is that the lifespan on the value of that data is pretty long, and breaking encryption isn't as hard as I would like…

I believe that nothing I have stored is worth the millions of dollars of hardware that it would take to crack it… but if I'm wrong about the level of effort… :-(

Kevin Li
June 21, 2011

I agree

Ag Martinez
June 21, 2011

Detox, Vitamin C, Idebenone, MMS via DMSO, Diatomaceous Earth, etc.

Tastyavocado
June 21, 2011

yeah, my data is as important to me as anyone else's, but don't be so hard on dropbox, they fixed the problem after they realized it. If you are using a service, things happen. it's how you deal with them and once again dropbox is honest and tries to deal with the problem in the best way.

what do you want a bouquet of flowers, chocolates and an R+B song saying how sorry they are?

Ag Martinez
June 21, 2011

Yeah! Thanks dudes! Keep abiding!

Kevin Li
June 21, 2011

I agree with William McVey. You obviously do not have much “experience in software engineering.” Seriously? “Period.”?

PepperNation
June 21, 2011

Would you like some free games for your playstation?

Kevin Li
June 21, 2011

Oh, please. Why am I reading YOUR post at all? Do you even know how hard dropbox is to manage and update? If it was so easy, perhaps YOU could buy dropbox yourself!

Kevin Li
June 21, 2011

“As Tony Webster said “ This clearly indicates the need for re-engineering Dropbox security.”. 
In faculty we are told that we must test everything specialy in critical situations.”
“critical situations”? Dropbox did not even know that it was a “critical situation”. Just COOL DOWN!

Quinn DuPont
June 21, 2011

You're killing me here. I like the service, but it's only so long that I can put up with these kinds of security blunders. I'm actively looking for alternatives. Try to completely overhaul the security…

Nathan Cradit
June 21, 2011

Wow.

Nathan Cradit
June 21, 2011

Wow. I can't believe I read about this on Huffington Post 2 days after the fact, rather than an email from Dropbox directly. It was nice knowing ya', Dropbox.

dakku
June 21, 2011

You can always use some sort of dropbox encryption. For example you can install EncFS to encrypt-decrypt Dropbox content realtime. It is completely free and secure, so no matter if the password is there or not, your content (filenames and file content) will be completely encrypted. 

Here is a quick tutorial on how to do this: http://janaksingh.com/blog/dro

cjwworld
June 21, 2011

They are.. In fact I got an email from them and in email they said they are very sorry for this

cjwworld
June 21, 2011

You stated you got hacked.  Explain that for us.. how and who and what files did the perpetrator/perpetrators peer into, modified or copied?

cjwworld
June 21, 2011

Are you sure? some got emails like I did.  If they had 25 million users, (Probably less now) they are not gonna mass email all but do the way they explained they would

johnmclear
June 21, 2011

we're running out of pixel spa…

cjwworld
June 21, 2011

yes, they messed up and the date was on a Sunday.. Lets hang them all on a rope shall we?

James
June 21, 2011

You didn't even send me an email. DROPBOX = FAIL. No more sending recommendations to my friends. That was the LEAST you could have done. I shouldn't have to find out about this via Google News.

adriarichards
June 21, 2011

Ha, Tony, funny to see you commenting here.  Remember when we chatted about the Norm Coleman data leak?

I agree, there needs to be a serious review of QA testing at Dropbox.

Ryan
June 21, 2011

Yesterday we made a code update at 1:54pm Pacific time that introduced a
bug affecting our authentication mechanism. We discovered this at
5:41pm and a fix was live at 5:46pm.

As you can clearly see, 1:54pm to 5:46pm isn't five minutes. Maybe you should smoke less weed and maybe not drink a beer??

adriarichards
June 21, 2011

I completely agree.  If you data is that important, encrypt it before upload.  Don't upload source code for your web app to Dropbox unencrypted.  I use dropbox to share video footage for editing.

This is the difference between file sharing apps and backup apps.  Mozy, for example, will do AES encryption of the data before it leaves the computer (or you can use your own encryption scheme).

What I question are the QA practices here.  I hate to see updates done without thorough testing.

Yourstupid
June 21, 2011

Shut you dumbass. Your probably the retarded code monkey responsible.

Laurenfeinman
June 21, 2011

CJWWORLD, many thanks for reading and responding:  forgive my syntax and grammar: i followed the link that according to the Drop box team allows me to view any and all activity by date.  I am going on the assumption that this is correct.  According to that log, i was easily able to identify fraudulent access consisting of approx 200 files downloaded into one of my sub folders at exactly the time and date in question.  It seemed very easy to correct.  First, i immediately and easily disassociated all my computers and lap tops using the 'my computers' tab in my on line drop box home page.  Then i simply checked the square box next to each fraudulent file and deleted them.  

From what i can tell (and i PRAY i am correct) none of my original files were changed in any way, only files were inserted into a sub folder.  My lap top is performing as usual and my original drop box files seem fine when opened. 

I was worried that even if someone did not change my original files that GD forbid they copied personal data (?)  but according to how the drop box activity log works, those files would have shown up in the activity log as being modified in some way, so I do not think this is the case.

Below is the email I received from the Drop Box team, which i appreciated- but do feel should have included more information b/c it left me panicked and confused:

“Hi LAUREN,

We are writing because there was some activity in your Dropbox account that we'd like you to review. On June 19, 2011, there was a brief bug with our authentication system that could have allowed unauthorized access to accounts. You can read more about it at our blog post.

Based on a careful review of our records, we noticed that during the time the bug was in effect you:

Linked the desktop application to your Dropbox

As a precautionary measure, we disabled any apps. 

While it's unlikely, we'd like to be cautious and make sure this was you because if the activity was unauthorized, the information in your account could have been improperly accessed. Please review recent activity in your account, which you can access at xxxxxxxx, and let us know if you find anything suspicious.

We are very sorry and this should never have happened. We are scrutinizing our controls and will be implementing additional safeguards to prevent this from happening again. If you're unable to access your account or have any other questions or concerns, please contact us at support@dropbox.com.
- The Dropbox Team

Colm
June 21, 2011

While often not as usable or as fast (encryption eats up CPU) there are several secure alternatives to dropbox: http://skeptu.com/secure-alter

cjwworld
June 21, 2011

Thanks for replying and I got a similar email also.  I looked at my events and nothing out of the ordinary.. I was saving stuff at the same time of the 4 hour window and creating ebay store pages with its images.

Khürt L. Williams
June 21, 2011

Hourly updates?  Do you want them fixing the problem or updating the blog?  Yes, a mistake was made.  I suppose you've never made any.

Mari Garza
June 21, 2011

I wonder what percentage of complainers are on the “free” portion of this service.  Notifying users as it happens also notifies malicious users from accessing data.  They owned up to their mistake and notified those effected.  Unfortunately development has mistakes and the cloud isn't always safe.  Use common sense for protecting your data and weigh the risks to the reward.

Khürt L. Williams
June 21, 2011

Yes, you are a fool for putting your tax returns in Dropbox. I would not trust any sensitive documents to any cloud provider whose employees have access to my account (as noted in their TOS).

Khürt L. Williams
June 21, 2011

I hope you never ever make a mistake on anything in your entire life.  So that you will never have to feel what it's like have someone like you harping on about how mistakes an inexcusable.

Khürt L. Williams
June 21, 2011

I hope you NEVER ever make a mistake on anything in your entire life.  So that you will never have to feel what it's like have someone like you harping on about how mistakes an inexcusable.

Ben
June 21, 2011

As a paying user of your service (100GB) I'm absolutely appalled that I had to find out about this breach through an RSS feed of another blog… Every SINGLE customer should have been notified – just as any bank would notify customers in the event of a phishing attack, so should you have notified ALL Dropbox users of the potential fraud so that we could take any necessary measures to protect ourselves. If it took you 4 hours to discover and remedy the fault, how long do you think it will take to identify all potentially impacted users?
To say that I'm disappointed is a gross understatement. I'll be spending the rest of the evening – like many others I imagine – finding an alternative secure storage provider.

Kevin Li
June 21, 2011

Would YOU say it if you were running dropbox yourself?

Khürt L. Williams
June 21, 2011

You should not run the sharp edge of a knife along your throat.  There are not warning labels on knives.

Fred Young
June 21, 2011

I'd just like to point out that checking using the events log won't do anything useful – someone copying all your data isn't an 'event' in that context. Only changes are visible. Most people seem more concerned about people viewing their data rather than altering it.

Khürt L. Williams
June 21, 2011

Fine.  Sounds like you have a case for a lawsuit.  Go right ahead.

Kevin Li
June 21, 2011

I agree with everything you say- BUT your swear word. This is a forum discussion page (or something similar), not a place to quote movies.

Khürt L. Williams
June 21, 2011

Interesting. I have even received the form letter yet.

Kevin Li
June 21, 2011

As I said many times before, would you do what you say (not) to do if you were in the persons (companys) shoes?

BC 2009
June 21, 2011

Couple this with the fact that DropBox maintains a copy of my password on their server and I am starting to wonder if DropBox understands the kind of security users of this service expect to have.

To tell folks it is not possible for a DropBox employee to access my files (only meta-data) and to later change that stance to say that company policies prevent unauthorized access to my password are two very very different things.

Now you follow that up a few months later with a 4-hour free-for-all window and I am blown away.

Fred Young
June 21, 2011

Personally, if I die doing something stupid with electrical cables I can't identify, I'd say “shit, I shouldn't have been touching electrical cables I'm not qualified to be re-wiring!”. I most frequently die in accidents that are my fault due to nonsensical situations.

Khürt L. Williams
June 21, 2011

I would say that your inability to let this go is because you do “expect flawless protection”.  If you were willing to accept that flawless software does not exist it would bother you as much.

Khürt L. Williams
June 21, 2011

Dropbox can not offer you 100% security.  These guys, http://techcrunch.com/2011/06/… are just too good.

Khürt L. Williams
June 21, 2011

http://techcrunch.com/2011/06/
Which vendor do you think can protect you from this?

Khürt L. Williams
June 21, 2011

Denial! Denial! Denial! http://techcrunch.com/2011/06/

Khürt L. Williams
June 21, 2011

You never had it: http://techcrunch.com/2011/06/

Khürt L. Williams
June 21, 2011

What breach? Was there a breach? I didn't read anything about a breach.

Khürt L. Williams
June 21, 2011

How can you expect security on the Internet when these people have declared war on the gooferment: http://gizmodo.com/5813560

Simone
June 21, 2011

Like anybody with a bit of sense I dropped my Dropbox account. I don't care if you store sensible data or not in your account, we are not talking about some strange feature, it's just a basic login .. I have to trust anybody that is not able to check a username/password? I can't!

Khürt L. Williams
June 21, 2011

If you want enterprise class security for your storage then be willing to pay enterprise class prices.  Amazon Web Services will have no problem taking your money.  You get what you pay for.  Cheap is cheap.

http://aws.amazon.com/s3/

Khürt L. Williams
June 21, 2011

I guess you don't use Microsoft products then? Or any sort of browser plugin from Adobe?

Khürt L. Williams
June 21, 2011

US troops do it all the time in Afghanistan and Iraq.  Where do you think the term collateral damage came from?

http://en.wikipedia.org/wiki/C

Mboliver
June 21, 2011

This is greatly upsetting. Not only do we have poor management of the risk…of which to me and most other is the chief complaint. Dropbox should worry about loss of trust in their brand. I can only imagine that I will have some that will lose their trust in my knowledge to give them advice, since there are many that I have referred to the service. Thanks a lot Dropbox….way to let me down.

Khürt L. Williams
June 21, 2011

1. They fixed the problem with minutes of discovering the issue.
2. What was the security concern?
3. Changing the password would do nothing since no passwords were compromised.
4. What?!!?

Shaggy Da
June 21, 2011

Won't call you an idiot, but man I would think twice about putting critical data like that in the cloud. Just saying.'

Khürt L. Williams
June 21, 2011

Would you say the same thing if these guys, http://gizmodo.com/5813560, had hacked Dropbox?

Khürt L. Williams
June 21, 2011

Does Microsoft/Apple/Ubuntu send you a notice for each vulnerability?

Nathan Millerberg
June 21, 2011

Dropbox fixed this in 4 hours, not 5 minutes. For 4 hours, anyone could login to your dropbox account using any password they'd like.

Daniel Wyss
June 21, 2011

The communication you choose is absolutely unacceptable. No information to your user.. i need read in the newspaper in Switzerland!! Sorry… also no tweeting, also no information over facebook. Dropbox, sorry… but this is not really a good management style!

Khürt L. Williams
June 21, 2011

There was no breach!

Khürt L. Williams
June 21, 2011

Almost 40,000 people die in auto-related deaths each year.  Do you still drive?  If you do, aren't you putting your life and the lives of others at risk?

Cristiano Verondini
June 21, 2011

Wish to thank Dropbox for this note. Simple, clear. Error happens,

Cristiano Verondini
June 21, 2011

Wish to thank Dropbox and all the people working hard on it. Error happens. Shit happens. Internet is moving fast, and if you got the news from a third part site, maybe Dropboxers were busy fixing the problem and looking for any suspicious activity.
Thanks for the post, I'm so thankful for the service you're offering and for the transparency you provided in this moment.
Keep on innovating as you did. Dropbox is now a reference in quality of its services. And it's an invaluable tool in my everyday work. All for free.
Thanks again.

J. Canha
June 21, 2011

OH THE FATALITY. They communicate when they feel it's safe and appropriate to. Never heard that curiosity killed the cat? Were you affected even?

J. Canha
June 21, 2011

Fuck yes, crush these crybabies.

J. Canha
June 21, 2011

A very good point, if they didn't already.

Portland Real Estate
June 21, 2011

It would be nice if dropbox e-mailed all users who were not affected an email confirming that no activity happened on their accounts during this period and that they are confident that security was not compromised for unaffected accounts.

Nate Cheek
June 21, 2011

Everyone's data is important to them- yes.  But if they are putting it on the internet, they should always expect it to be vulnerable.  I have tons of stuff on Dropbox.  Am I worried?  No.  I don't put stuff on there that I wouldn't want the universe to see.

Steve
June 21, 2011

Pro tip;  if your information is THAT sensitive, don't upload to the fucking cloud.

Period.

Barkerj
June 21, 2011

Hi Dale. I have received an e-mail from Dropbox to say that I was the one who caused the bug. As an inexperienced user of the internet all this is new to me. I don't know how I did this or where it came from. I have scoured through all my documents that I worked on the day in question and can't find anything out of the ordinary. I had in fact used my pendrive to uploard many of my documents; perhaps thats where it came from? I have since cleaned all my systems and pendrive so hope there is not any more.
I have spent the last hour & a half reading all the blogs people have written and can understand their concerns. I send my heartfelt apologies to all of you if I indeed am the one who has caused this bug. I can only say I am sorry.

Nate Cheek
June 21, 2011

Systems like this are extremely complicated. Yes, what happened is very bad, but Kevin has a point, so don't go around trolling and cussing.

Nate Cheek
June 21, 2011

They sent an email to anyone who's account was logged in to during that period. If there is a remote possibility of your account getting compromised, you have been notified.  Still, it would have been good for them to email everyone.

David Pinero
June 21, 2011

Anybody remember “password = eh” on Hotmail?

Nate Cheek
June 21, 2011

It would be understandable if this was the first electrician on the earth.  Dropbox might not be the first in its field, but it is definitely in a largely unpopulated industry.  Dropbox is really the first company to offer a cloud syncing service on such a large scale.  25 million?  None of their competitors come close.  With this comes a lack of knowledge.  Dropbox has learned a lot since it was founded, but it is still the leader in a relatively new industry, and so, yes, some mess ups are to be expected.

Nate Cheek
June 21, 2011

FREEEEEEE!!!!

Nate Cheek
June 21, 2011

As I said before about the electrician analogy: It would be understandable if this was the first electrician on the earth.  Dropbox might not be the first in its field, but it is definitely in a largely unpopulated industry.  Dropbox is really the first company to offer a cloud syncing service on such a large scale.  25 million?  None of their competitors come close.  With this comes a lack of knowledge.  Dropbox has learned a lot since it was founded, but it is still the leader in a relatively new industry, and so, yes, some mess ups are to be expected.

bah
June 21, 2011

Exactly @dnickelson. I had just sent out an email to our team asking everyone if they felt like they used dropbox enough to justify purchasing the Teams offering.  I was asked prior about security and having done a little research, thought it was good enough.  This makes it harder to sell to my team…

Ken Simpson
June 21, 2011

You guys are big fish now; time to invest in a Chief Security Officer who has a budget and some real power to make changes within the organization. Security can't be a second priority feature on the road map. It needs to be the first priority.

Decimus Strans
June 21, 2011

On #4, I think he meant that something should have been implemented if the account was accessed (i.e. if you would log into LastPass from an IP that was not previously recognized on your account, you would have to validate your email address before logging into LastPass.) However, that would probably have been unnecessary if it only took 5 minutes to fix.

Robert Basil
June 21, 2011

hahahaha,nope. I use Linux / OSX and hate Flash. Thanks for playing…

Joel Day
June 21, 2011

Whether or not the incident is a result of Dropbox's incompetence or from the intrusion of a third party is irrelevant: It's still Dropbox's responsibility. If the service was secured the way Dropbox had originally claimed, neither scenario would be possible.

pjm
June 21, 2011

Can we please stop the bleating about “every customer should have received an email within 30 milliseconds of this happening”. Take 10 seconds and think about the consequence of such a (relatively content free) communication. You would have a small-but-significant percentage of 25 million people mailing support at Dropbox asking about **their files**, and any way you break it down that's a massive number. There's just no way that such an avalanche could be handled reasonably and helpfully by **any** company, let alone a relatively small operation like Dropbox, and for the overwhelming majority of these customers there is absolutely no reason to be worried. Dropbox's approach of waiting until they could analyse who might have been affected allows them to focus their response on where it's needed.

Ditto re the bleating about “should have had unit tests in place”, or “have you ever heard of testing?” or the like. Perhaps, just maybe, there *are* tests in place, but a bug introduced into the test infrastructure prevented those tests from running, or from flagging their inability to run. Any yes, there should be tests for tests (it's tests all the way down…). Alternatively, the way authentication was coded might have changed subtly from the previous code base, so that a test of the (in!)ability to log in without a password still passed, but didn't test the new components. There are any number of below-the-surface means by which cascading changes can expose a previously covered aspect, and anyone who throws an unqualified “this sort of thing should never happen” out there deserves a straightforward “yes, but it *will*” in response.

Obviously I'm guessing at possible scenarios above (and the principle of charity is hard at work), but to assume as some commenters have been that they have direct insight into some basic failing that caused the authentication problems is just pea-brained arrogance. Give it a year of so of internet time (ie about a week), and let those who actually run the thing explain what has happened.

Christian
June 21, 2011

I like all the people saying they have left dropbox because of this. Smart move, because this bug will be the catalyst for a number of changes that will ensure nothing like this will ever happen again. So you're leaving just as dropbox will become way more secure than it has ever been, to move to some other service who has never has this problem so may not have as stringent security tests.

It's things like this that make software better. And I can relate with dropbox, because I once wrote a bug that did the exact same thing. And now, I won't ever make that mistake again.

Anon
June 22, 2011

How does the expectation that data in the cloud is vulnerable have anything to do with the fact that this type of security breach is unacceptable?  Admit it or not but eventually we need to be confident our data (“important” or not) is secure.  Why should we “expect” otherwise?

Khürt L. Williams
June 22, 2011

I use Mac OS X, Linux, and Windows.  And I also hate Flash.
But I think you understood my point and are choosing to ignore it.  Absolute security is not possible and often times human beings are the weakest link.  You and I both know that despite the “many eyes” approach of open source vulnerabilities still plague Linux.

Khürt L. Williams
June 22, 2011

I am not suggesting that they are not accountable.  I am suggesting that to expect “0%” error rate – no bugs, no snafus, EVER – is just not realistic.  Security is not about money.  The only secure computer is one with no data, disconnected from a network, and powered down.

Judy Chats
June 22, 2011

Hey, folks, if we publish something to a cloud, it might be seen.  Period.  Dropbox has explained what happened, apologized, and is working to fix it.  Saying:  “A stumble may prevent a fall.”

AMorganis
June 22, 2011

There was a breach: Dropbox's security and of my trust in the service.

Xkalibur
June 22, 2011

Such a shame! you guys are really full of crap for letting this happen. What happen to unit testing? dev environment? Decrement our number of users by 1. So long!

Rob Iles
June 22, 2011

Can anyone from DropBox confirm / correct Fred's statement?

I was logged in at the time, so have since received the email notification. All looks fine, but if the “Events” page doesn't show downloads, then maybe my data was downloaded!

I'm not knocking FB. It's an unfortunate fact of life that sometimes, no matter how careful one is, mistakes will happen.

What would be useful (imho) is knowing if the activity on my account events does show everything – including “file(s) downloaded at *time* to device {name/ip/other identifiable description }.

Secondly, if DB are prepared to publish the erroneous code for peer review (perhaps also the fixed version) , *we* would have a clear understanding of what went wrong & why. I would understand if they declined to do so for commercial reasons – but it would restore a lot of confidence, help their reputation, and possibly appease the posters here. “Security through obscurity” is not a (good enough) reason to withhold it.

Anyone care to comment?

R.

Eric
June 22, 2011

No!! The problem is not they talk too much time before doing the correction!! The problem is the time it take they take to detect that authentication process had a problem!!!

It take near 4 hours to Drop Box to detect the problem and 5 minutes to correct it… It is not acceptable…

Eric
June 22, 2011

DropBox, I prevent you, NEVER do this kind of error again because you will lost me right away…

Is that clear?

What do you do you don't test your system update on a stub server and test it before putting it in production???

I am serious NEVER do this kind of error

Andreas Duess
June 22, 2011

Why has there been no email alert going out to your customers. I should not have to learn about this from tech blogs.

Joel Day
June 22, 2011

Duh, but alright, for the sake of argument, pretend I said “virtually impossible.” If Dropbox was what Dropbox said Dropbox was, would this have happened? Highly unlikely. Would a third party be able to access my data without stealing my password through a security hole Dropbox isn't responsible for? Highly unlikely.

I can say with complete and utter conviction that it would have been ASTRONOMICALLY MORE DIFFICULT, difficult to the point where it is perfectly reasonable to refer to it as “impossible,” for this to happen if Dropbox had the security it originally claimed to have. Please prove otherwise.

Tom Chapin
June 22, 2011

I just recently signed up for LiveDrive, which is very similar to DropBox. Y'all might wanna check it out. I'm still using DropBox for personal stuff, though. Any time you store data on a third party service, you have to realize that it can potentially be compromised. If you want to store sensitive information in your DropBox folder, you should do it using a TrueCrypt container!

Nelson
June 22, 2011

Wow… You guys sound like a bunch of pretentious pricks. Crybabies. Once your data is in the cloud, I say its all fair game. 0 transparency. If you really have the time to take a gander at my midget Asian porn, by all means it there for your perusal.

Gene Taber
June 22, 2011

Now wait a minute-don't make us weed smokers and beer drinkers look like those idiots. I'm not stupid enough to keep anything sensitive on dropbox, I don't pay for it, it was found and fixed by dropbox in minutes, they sent me an email as soon as it was possible, and nothing got hurt. If you need sensitive data immdiatly available to you anywhere in the world, put it on an Sd card in your pocket.

Richard Walker
June 22, 2011

I'm especially appalled since Dropbox and 1Password can work together to store your keyfile in the cloud. This basically tells me that any number of 1Password keychains could have been compromised. While it's unlikely that any were stolen, and even more unlikely that they'd be easily cracked, it's still very, very scary.

I suggest you take a close look at your testing methodology to make sure things like this are thoroughly tested and caught before release, and like Tony said, FULL transparency please – I'm a paying user and I expect absolutely no less.

You have a great product and it'd be a terrible shame to see it go down in flames over a silly oversight.

Richard Walker
June 22, 2011

They're not a half-assed service started as a hobby. They are a BUSINESS. Seriously, people PAY for the product, they should bloody well be held accountable when things go wrong, and you should have higher expectations of them. If Microsoft had an identical product and there was a slip-up, all hell would break loose and there'd be talk of a class action, seriously.

(disclaimer: absolutely NOT an MS fanboy, so don't even bring it up.)

Richard Walker
June 22, 2011

Wow, worst excuse ever. You're saying it's REALLY hard to manage and update, so they shouldn't be held accountable? I'm so glad you don't work for me.

Papas
June 22, 2011

You are right, Cliff.  Something like this should not have gotten through.  Just like everyone else is saying.  I certainly understood your point.  

Some people need to get off their high falutin horses and downsize their sense of self-importance.  There are a lots of dumb issues and dumb applications out there and, fact is, you braggarts are probably responsible for some of them yourselves.

Enkrypt3r
June 22, 2011

Your product is flawed, fundamentally and you ned to wake the fuck up.

Enkrypt3r
June 22, 2011

I predict your company will not exist in 2 years. Anyone else think it will be shorter or longer?

Frank
June 22, 2011

I am disappointed. I was hoping that Dropbox could be trusted. Perhaps it is time to review security measures; including having all data stored in a suitably encrypted manner whereby only the owner of that data is able view the data.Dropbox should have immediately notified all users and all users should be notified if their accounts had or had not been accessed. No notification does not make me feel any better. It’s a bit like the notification of the problem in the first place.Perhaps an overreaction but I immediately removed any confidential information although that is a bit like shutting the gate after the horse has bolted.

bitcoinbetas
June 22, 2011

if your bitcoin wallet on dropbox check out http://bitprotection.info  launching soon!

Mike Bell
June 22, 2011

Time to delete Dropbox off my hard disk. Goodbye Dropbox!

PS: Dropbox management is one of the worst in the industry. You guys should lose your jobs.

Bloughmee
June 22, 2011

That's true – but they would need your username.  And they'd need a reason to look for whatever you had there.  This was not a good situation,  but if anyone has anything that sensitive on DropBox – it should be encrypted anyway.   And what about the people you share stuff with on DropBox – what's stopping them from taking whatever you're sharing with them and giving it or selling it to their Brother-in-Law… or the KGB.    Bottom line -this was a bad situation but not an unusual situation.  I'm willing to give them the benefit of the doubt until the next time it happens.

Bloughmee
June 22, 2011

They're probably using the wonderful  Microsoft SQL Server .  We're an app developer –  had a situation where one of their fine security filters was allowing one company's Logo  to appear on another company's critical merge documents for one of our best clients.   These items were located in totally different tables,  and totally different instances of the database.   But that didn't matter- whatever Microsoft has done to ensure “security” totally broke down.  How would you like it if you went to create a merge document like a contract or a proposal…. but instead of your XYZ Consulting logo on the proposal… it came out of the printer with your arch rival's logo – AcmeConsulting.  ??      This crap happens every day – that's the way it is.  All you can do is try to follow best practices and hope everyone does their job.   Yes we had a high-paid CTO with all kinds of high-end security creds. Yes we did user acceptance testing by the book.   Didn't matter – our client  (the company who we developed this particular application for) still woke up one morning to a freaking nightmare…  their customers were finding the wrong images on all of their sensitive merge documents.  W..>T….>F  ??    Microsoft was barely apologetic… and yes indeed it was a “bug” in SQL Server.  Oops.   They gave us some lame work-around and promised a service release ( in a few weeks, maybe) would take care of the issue.  Yuh.

The Joppa
June 22, 2011

Many may want to encrypt their personal files before placing them in a Dropbox folder after a security glitch like this, and I've seen a few comments about combining TrueCrypt (TC) with Dropbox; I've tried it and it does work, but unfortunately it doesn't work all that well.  I've listed three other free programs in my last paragraph that you can use to encrypt your files before placing them in your Dropbox folder, which you can easily find via search engine.

In order to get TC to work with Dropbox, you have to go into TC's settings
and uncheck “Preserve modification timestamp of file containers.”  If you need that security setting for your other TC containers, you would then have to create a portable TC program just for use with Dropbox, which means you would have to dismount all your other TC containers in order to use Dropbox since TC can't run multiple times. 

Other problems with using TC in Dropbox:
The TC container could be a huge file, so it could take a long time to upload initially.  Then to avoid full disk errors, which halts Dropbox from downloading to your local Dropbox folder, you have to divide the original size you wanted to use for your TC container by half.  The reason for this is that your (500mb/2=) 250mb (for example) TC container is backed up into the Dropbox cache folder every time something is modified, creating the original 250mb TC container + the 250mb TC modified container = 500mb on your hard drive. 

To prevent multiple copies of the TC container from gobbling up all your disk space, you'll need to manually delete the contents of your cache on a daily basis (go into your local Dropbox's hidden cache folder and delete the files)  — you should do this even if you're not using TC.  And no, deleting the contents in your cache folder won't break anything, just don't delete the cache folder.

Creating smaller TC containers might work better — if you can remember what file is in which container, and you could end up using up all of your drive letters to gain access to those containers; you would also have to type in your password multiple times. 

Once you're done placing your files in the TC containers, you'll have to dismount all of them and wait for all of them to sync — this can take a few minutes to over an hour or more depending on how much was changed in each TC container before you can mount them from your other computer's Dropbox folder.  And if that blue circle doesn't go to a green check mark before mounting the TC container on another computer, you can corrupt and lose that TC container and any files contained within. 

Free programs you can use to encrypt your individual files before placing them in Dropbox are Axcrypt (not portable), dsCrypt (haven't tried this yet, but it's portable) or Androsa File Protector (portable).  You can also use these programs to encrypt multiple files at once with the same password by encrypting the folder the files are in — the folder itself doesn't become encrypted, so you can still see the encrypted file names on Dropbox, which you could easily change before placing them in Dropbox.  Then you can use your full 2GB (free) Dropbox space without having to use half sized TC containers that can take a lot of time to sync and end up using a lot of room on your HD.  Then when you're ready to use that encrypted file, copy it out of the Dropbox folder into a TC container on your HD and then securely decrypt the file.

Alex Chan
June 22, 2011

Does it not? Thanks for correcting me. Maybe something Dropbox could think about adding that in the future, it would make checking these things a lot easier if it ever happens again.

Along the lines of Rob’s suggestion, perhaps Dropbox could adopt a policy of logging computers that access your account: when you want to use the web interface, you have to “add” the computer, by entering your password again, and you get an email notification telling you the IP address, location, etc., with the option to kick it off if it isn’t you. I think Facebook and LogMeIn already do something like this, and I’m sure there are others as well. Might have caused the problem to come to light quicker as well.

Rushbc
June 22, 2011

DROPBOX FAIL.

vovcacik
June 22, 2011

What fact makes you think Dropbox does proper testing?

Take a look at the bug fix – 5 minutes is not enough time to fix non-dumb bug and it is not enough time for proper security tests neither. And it is definitely not enough time for both.

And it is not only security which got harm, it's also Dropbox's credibility. Both are legitimate.

vovcacik
June 22, 2011

You can't know. Doors were wide open. I am rather pessimist than sorry.

XML CES
June 22, 2011

If your housekeeper lets your front door open for a few minutes – would you fire him?

All people who are angry now: relax. If anything bad happened to your account they will inform you and give you a fair compensation, i guess.

And for all the other's they surely will provide some more extra GB for free to fix their reputation proplem a bit.

Terziar
June 22, 2011

I Like Dropbox very much. And shit happens! If you want to be safe using your data, switch off the internet connection.

Thomas H
June 22, 2011

I'm considering going back to Carbonite.. This is not good enough.

Johann
June 22, 2011

A small request:  In a case like this, please also post the affected time period in a universal format like UTC (a.k.a. GMT).

The situation you have right now is that people are already panicking, and then everyone who is not from the US has to spend an additional five (panicked) minutes trying to figure out how his own time zone relates to “Pacific”, which doesn't exactly make things easier.

Robin
June 22, 2011

Again a smack in the face for cloud computing

Andrew .
June 22, 2011

“Arash Ferdowsi's ExperienceFounder/CTO
DropboxPrivately Held; Internet industryApril 2007 – Present (4 years 3 months)Changing the way people think about files and storage.”

—-Why yes, Arash. You certainly are changing the way people think about files and storage.
:-)

Robin
June 22, 2011

It's more a matter of reputation for cloud computing.

Dan
June 22, 2011

hourly updates? are you an idiot? It really annoys me when people say that. Having worked in a major organisation that has had major problems which effected its user base, hourly updates is impossible, stupid. not possible and retarded, unless you like “we have nothing to report at this time, and the issues is on-going” updates, then fine, have as many as you want, I'll do it every minute if it makes you feel warm and fuzzy! 

Get your head out your ass and let the network admins and developers do their jobs at investigating the error that occurred! We're only human, mistakes will be made, I'd like to see you do a better job? No? Didn't think so. 

The last thing you need during a major customer effecting incident is your comms staff pestering developers and net admins for updates every fucking hour! An update will be provided by them, as and when they fully understand and have gathered all information. 

Either that, or you're just worried about people finding your hardcore porn stash you keep on drop box?

Dan
June 22, 2011

hourly updates? are you an idiot? It really annoys me when people say that. Having worked in a major organisation that has had major problems which effected its user base, hourly updates is impossible, stupid. not possible and retarded, unless you like “we have nothing to report at this time, and the issues is on-going” updates, then fine, have as many as you want, I'll do it every minute if it makes you feel warm and fuzzy! Get your head out your ass and let the network admins and developers do their jobs at investigating the error that occurred! We're only human, mistakes will be made, I'd like to see you do a better job? No? Didn't think so. The last thing you need during a major customer effecting incident is your comms staff pestering developers and net admins for updates every fucking hour! An update will be provided by them, as and when they fully understand and have gathered all information. Either that, or you're just worried about people finding your hardcore porn stash you keep on drop box?

Dan
June 22, 2011

Get your head out your ass people and let the network admins and developers do their jobs at investigating the error that occurred! We're only human, mistakes will be made, I'd like to see you do a better job? No? Didn't think so. 

The last thing you need during a major customer effecting incident is your comms staff pestering developers and net admins for updates every fucking hour! An update will be provided by them, as and when they fully understand and have gathered all information. 

Either that, or you're just worried about people finding your hardcore midget porn stash you keep on drop box? If you've stored data in the cloud unencrypted blame your self, once you upload personal information anywhere consider it disowned by your self. 
Stop the fucking moan and get on with life, go have a beer, spend some time with your family instead of being moaning bitches about a company that's done far better in life than you have.

Me
June 22, 2011

That's a disaster really.  When I signed up I thought even Dropbox staff couldn't access my data.  Then it turns out staff can access my data.  And now it turns out everyone can.

Fabio Duma
June 22, 2011

is this real? are u kidding me?
i've got the 1password's file on dropbox, if something has happened on my personal data, you will be contacted by my lawyer.

Angry Dropbox User
June 22, 2011

Would you say “we're only human” if someone cleaned out your bank account because ID and PIN numbers weren't checked?

Dan
June 22, 2011

Yup.

Michael
June 22, 2011

This is disgusting. Why was I not informed of this? I pay for the premium service and when my data is comprised I expect to be informed! 

I am now looking at alternatives and will cancelling this afternoon at the latest!

Qaz
June 22, 2011

Just switch to Wuala!!!

Optimus Prime
June 22, 2011

Switching to Wuala so fast…. everything is encrypted on your pc before it even gets to the cloud…

tt7
June 22, 2011

Yes. No confidential data unencrypted into the cloud.

Dan Abrams
June 22, 2011

Problem fixed in 5 minutes. Problem not discovered for four hours.

The latter is a big problem. If this had been Apple or Google, the internet would be up in arms and there would have been congressional hearings.

Will Peavy
June 22, 2011

It's a mistake that could have been EASILY avoided by utilizing a proper automated test suite before deployment.

Will Peavy
June 22, 2011

The cloud can be secure (and there are cloud storage services that are more secure), but Dropbox has taken a very casual approach to security (despite their claims otherwise).

Will Peavy
June 22, 2011

“have you heard of unit and regression testing?  Because it's something you should be doing before each new drop.” – Well said. This bug could have been easily prevented by a proper automated test suite and integration process. The software engineers at Dropbox should be embarrassed by this. It's a very amateur mistake.

Will Peavy
June 22, 2011

This isn't a mistake. It demonstrates a software engineering process that is broken. Can you name one reason why a system that places an emphasis on information security would not include an automated test suite that tests authentication credentials before deployment?

Matt M
June 22, 2011

“We [DB] use the same secure methods as banks and the military.” I hope not!! :(Yes, to err is human. To slack in this way in this line of business is inexcusable. As Richard Walker put above, had it been Microsoft or even Google, or your bank, users would have gone to war, flaming. Attacks or bugs are excusable – opening the door to the vault is not, and this self-screw-up warrants harsh criticism.I think there are two conclusions to this: (1) DB is not trustworthy, unfortunately – when something like this passes, what other (and future) errors may be flying under the radar? (2) More users will be aware of the insecurities of the Cloud, which is good, I suppose.

Matt M
June 22, 2011

No, it's not “common sense”. Why would anyone sensible use a service that is insecure? Especially with all the alternatives? “…same secure methods as banks and the military”, oh yeah??
Is Dropbox a basic, low-expectations filesharing service à la RapidShare or is it a reasonably secure personal service like Google Documents for instance? Now we know.

Grow up, DB! You're not a garage upstart company anymore who can get away with empty small talk: https://www.dropbox.com/help/2

Will Peavy
June 22, 2011

They are not the first company to engineer software. There is an ample body of knowledge on how to test code changes before deployment.

Ithacasza Ithacasza
June 22, 2011

Damn all those nude pictures of my dogs out on the net, horrible!!!!! Calm down boys and girls since you all have great comments seems like you now what you are doing so nothing sensitive has fallen in the hands of rogue third parties. Oh btw, will we get xtra free speace because of this little gaff?

Will Peavy
June 22, 2011

Well said. Authentication tests should be at the core of any system that is designed with an emphasis on security.

Javier
June 22, 2011

The world is mad and mad people are loose, I trust DropBox because they care for our security

Blabla
June 22, 2011

I really like how you guys managed the situation. Everything is fine and there is no need to panic. I wondered yesterday, why alle the files i deleted were restored ;) keep up the good work and keep this close communication with the customers. 

All good! =) Thanks!

Will Peavy
June 22, 2011

In each system, there are priorities. Dropbox claims that security is important in their system, and therefore authentication is a non-trivial part of the system. There is no reason for Dropbox to not have an automated test, that checks that authentication credentials are required, before deployment.

V Bakke
June 22, 2011

I disagree! They fixed the mistake as soon as they become aware of it.  And the told all affected, and even the 'maybe affected', users.  Not all companies would have informed in this way, and would have tried keeping it quiet instead.

Will Peavy
June 22, 2011

It's not the end of the world. It is, however, indicative of a flawed software engineering process. This bug could have been prevented if industry standard practices were implemented.

Will Peavy
June 22, 2011

Agreed. This is indicative of sloppy craftmanship.

Will Peavy
June 22, 2011

Good point. LastPass demonstrated a professional response to their most recent security issue that actually increased my trust in their service.

francisco toquica
June 22, 2011

…dropbox  introducing  iCloud! ?

Will Peavy
June 22, 2011

Khurt, bugs are a common part of software. However, this is not just a bug. It is indicative of poor design of a non-trivial part of their system. Joel is absolutely right, the service “should never have been architected in such a way to make this kind of failure even remotely possible.”

Warren Head
June 22, 2011

OK, so my account could be opened with any password for a while.  Who would know that at the time? No one.  Who knows my account name, or that I even HAVE an account on Dropbox? No one.  Am I worried about this? Not really.  Could Dropbox have handled communications about this better?  Yes.   Am I going to flounce off because of this error?  Nope.

Paulo
June 22, 2011

Some more replies and it will be one word per line.

Aaaa
June 22, 2011

Ох тэ ж облажамба!

Meshan Govender
June 22, 2011

It's really uncool reading about this on another blog site. Dropbox you could've sent us an email. Didn't expect this from Dropbox!

Pierroi
June 22, 2011

it appears sugarsync loses your files…

compete.com sugarsync vs dropbox..

Dssdealer
June 22, 2011

Any suggestions on a alternative secure service? Dropbox is dropping the ball to much lately.

Trey
June 22, 2011

Where are the new updates?  What is the plan to ensure this type of utter failure does not happen again?

Flora Lam
June 22, 2011

I want to know who accessed the Life Value Education folder improperly.

Anonymous
June 22, 2011

Found out through a PodCast, would have much rather received an email.

Cj_barker61
June 22, 2011

I totally agree and hope that its fixed very fast.

AJB
June 22, 2011

1) I found about this from third-parties, never from dropbox.  I don't have time to read the blog.  
2) I am glad I had removed some sensitive information last week, that I needed shared.  Now I know not to trust DB for anything really important.
3) It is obvious their SDLC is broken, this type of issue should have been caught in code review/unit test/regression test, etc.
4) Who the hell introduced code changes in the middle of the frakkin day?!?!?
5) I am already starting to look at alternatives.  MobileMe (iCloud), I am coming back.

Jules
June 22, 2011

well, it could be worse. Look at Sony, apple, and so on…

AJB
June 22, 2011

1) I found about this from third-parties, never from dropbox.  I don't have time to read the blog.  
2) I am glad I had removed some sensitive information last week, that I needed shared.  Now I know not to trust DB for anything really important.
3) It is obvious their SDLC is broken, this type of issue should have been caught in code review/unit test/regression test, etc.
4) Who the hell introduced code changes in the middle of the frakkin day?!?!?
5) I am already starting to look at alternatives.  MobileMe (iCloud), I am coming back.

SocaSam
June 22, 2011

Microsoft does have a similar product.

David
June 22, 2011

I definitely migrated to Wuala (http://www.wuala.com/en) this service encrypts data on the device
DropBox is unacceptable not think of such architectures

it is logical that people are concerned about their data and the popularity of DopBoxnot rid of this bug

Aweiner
June 22, 2011

NOW you give me a good excuse why that s&it leaked out!!!

Thanks a lot

Hmaciel
June 22, 2011

I have not access this month of June 2011

Find99
June 22, 2011

I guess this is an heads up for you.  I think it is an issue many organizations are having to deal with.  Unfortunately we do not live in a perfect world populated by others who love us and have our best interests in mind at all times.  That will be a wonderful day, but until it comes, I appreciate your vigilance.  Your service has been a big assist to me and my family.  I would hate to see anything destroy that advantage. 
The Best – and happy hunting/guarding

Kevin Jacokes
June 22, 2011

Completely unacceptable. While I search for an alternative to Dropbox, I'll be all of my files stored in my Dropbox folder.

All of the functionality and accessibility in the world doesn't matter if you can't users' data secure.

Kevin Jacokes
June 22, 2011

encrypting all of my files***

Kevin Jacokes
June 22, 2011

can't keep***

bad day for spelling.

Alex Laird
June 22, 2011

The point you're making is well heard; however you're making it in regards to something that is not the topic.

If Dropbox had pushed a release of something that broke their cutting edge CSS3 interface, or they were trying to implement new HTML5 attributes on their site that caused a glitch, we would all understand that.  Your response would be warranted, and, quite frankly, people would probably really not be upset at all–we might even find it kind of cool, because we'd see the awesome new endevours they're trying, and lessons they're learning that AREN'T compromising our security, only our convenience.  That is, they would have broken cutting edge technology that is being learned and experimented with just as much as it is still being developed.

What they broke was authentication.  A tried and true resource that has been around for since the early 80s.  It is nothing new, and it is inexcusable for a professional company to RELEASE a broken version of this (they're more then welcome to break it before releasing it).

These types of mess ups should never be “expected”.

I should rephrase that: this bug is completely excusable.  It's completely acceptable … if Dropbox does not want to be taken seriously as an industry standard.  It's really up to them.

The internet and open-source age, while productive for development and learning, has spurred on a generation of sloppy, unprofessional software engineers, and this security breach is a affirming proof of just that.

Kevin Li
June 22, 2011

I'm glad you don't own dropbox.

Guest
June 22, 2011

Wrong link, Pierroi… it doesn't support your point at all.  Unless you see something on the “pro” version of compete.com that I can't.

Youarestupid
June 22, 2011

You are the dumbest person ever if you stored your tax return un-encrypted on the INTERNET. You are just plain stupid.

Kevin Li
June 22, 2011

Negative. Inevitably, all (things) eventually go and wind up like this, UNLESS you don't want dropbox to upgrade their system AT ALL. AND, you don't think other companys do this because they don't even tell us!

Kevin Li
June 22, 2011

0.02% on YOUR account. Don't worry about it. You're not the grandfather of everyone on the world.

SecretJayman
June 22, 2011

Forget this nonesense. I'm going to Microsoft Skydrive, even if it is slower… All my financial data is on DropBox!!!

Small Business
June 22, 2011

Not all of us are just storing pics and songs.  We have dropbox for teams for our small business.  Every single one of our client accounts (with social security numbers) stored on dropbox.  If our clients knew this we would have serious business risks, so I expect to hear about it directly from the company, not a blog post from a third party.

Julio Márquez
June 22, 2011

Oh no! This is like the PS Network hacking all over again :(

Jon
June 22, 2011

DropBox should take some initiative here and implement AES level client-side encryption immediately.  They should issue a statement saying it is in the works and will be targeted for release in ____ days.  The two security issues that the media has reported (data can be accessed by DropBox employees, the password issue) have created an issue for which damage control must be applied.  I would stay with the service if DropBox did this.

Pierroi
June 22, 2011

Ders a reason why sugarsync didn't catch on after all those years… they don't lack features… they don't lack scalability… they just lose peoples files if you go on their forums… you're welcome to try.

Joel Day
June 22, 2011

I'm glad that you spent all day yesterday blindly apologizing for Dropbox, but you can't bother to come back and admit that you have no idea what you're talking about.

You know what the best security is? Not being a target. FYI, phony blowhard whitehat “Security Professional” parasites with meaningless credentials are one of the biggest targets on the planet, and justifiably so. Good luck, buddy.

Bill Sodeman
June 22, 2011

How about a new article on this blog? There's been no update in almost 2 days. So much for transparency!

John Bradshaw
June 22, 2011

I think calling this an “Authentication bug” is disingenuous.

Rjones
June 22, 2011

Simply not good enough.

Time to notice problem = FAIL
Nofication of all users = FAIL
General security = FAIL
Contrition = FAIL
Instituting protective measures after the fact = FAIL

Dropbox had an opportunity to restore our faith in the wake of something that never should have happened.

Opportunity = WASTED

Robert Basil
June 22, 2011

No absolute security is not possible. But let's look at what happened.

1. For a period of 4 hours anyone could log into anyone else's dropbox account with only an email address. Any password would work on any account.

2. The problem was not found by the Dropbox team (or it's non existant Q&A reviews) but by a user.

 3. Once being notified of the problem Dropbox said nothing until the story started showing up on tech blogs.

4. Dropbox then chose to only post something about it on it's blog and not to notify it's users (many who are not tech savvy) by email or any other means.

Are you really making excuses for this and comparing it to a vulnerability in Linux? Really? I would have expected better from a “security consultant” such as yourself.

Tom
June 22, 2011

Found out through an article on TheInfoboom – why didn't I hear from DropBox first?

Chris Wiegman
June 22, 2011

While I hate to situation like this with any company or service I am impressed with their handling. If I read this correctly they inadvertently caused the problem themselves and emailed anyone who's account had been logged into (after reviewing the logs). That is exactly how it should be handled.

Good job Dropbox team! Every service is vulnerable, but it takes a stand-up company to admit and work to fix the problem (and not just shut down their service for weeks without a word).

Thomas1004
June 22, 2011

from the software pov, wonder if this was a break/fix install. That might not have required a full regression test suite to be run, just enough to validate the fix. And maybe a developer put a line of code in there to ignore authentication failures so a range of accounts could be tested quickly..then left the line in the production code. doesn't excuse anything of course, and it's still a serious problem. we used subversion to compare our source code before any install, to insure we were putting in what we expected to put in.

Andrei
June 22, 2011

Hmm, I only found our because of makeuseof. Why wouldn't dropbox send an email? I mean, we get emails when we get more space, but not when ANYONE can log in to our accounts?

That makes sense…. no wait it doesn't….

Guest
June 22, 2011

Is sending an automated email that hard to do? It doesn't matter how important our data is, we should be notified.

Rod Trent
June 22, 2011

Don't sweat it.  It's “the cloud”.  The cloud is still in beta.  Don’t put something up on the web (Dropbox, Facebook, blah, blah, blah) you don’t mind others to have access to – because it will happen.

Spitfire
June 22, 2011

The email notice I received identified the folder accessed during the 'open' period. I know the contents of this folder and have no issues with open access to it.

I appreciate hearing from DropBox which folder/s were opened during that period. It is more information than I would have expected so am pretty happy with them. One commenter has said, cloud computing is not secure, really, and one should bear that in mind. It was designed, I understood, for file sharing and that principle should apply to all users. What files do you want to share? Why do you use DropBox, should you be paying for more secure service, etc etc.

Don't blame DropBox, they worked as quickly as they could to kill the bug. If you are not happy, move to another service provider.

Wm
June 22, 2011

i have contacted support – but there is no answer from you

Drop Box User
June 22, 2011

Very disappointing. I stay with dropbox because of simplicity, security and the friendly vibe. With so many other options like suger sync etc offering great services I would keep my reputation spotless. Especially in communicating when you have not delivered what you promise. This is reparable but you should have emailed us strait away as we trust you with our data and personal information. You earn trust and you have earned it, but and you can loose it. Be cool, communicate with your customers, they are the only people that actually matter. I found out about this from macsparky.com. A email would have been appreciated.

Monica Fortunato
June 22, 2011

Thank you very much

sync
June 22, 2011

In fact, this is a problem we are subject to when placing data somewhere else.
However, anyone should be aware of this possibility and protect data before relying upon some distributed service like this.
Shits happen!

Paul Gailey
June 22, 2011

A practical way of keeping tabs on any oddities in your Dropbox is to susbcribe to the RSS feed of your Dropbox in Activities, then hook it up to an RSS to Email or Twitter account that will tweet you of any changes as soon as they happen. Set up a protected Twitter account that only you follow and using a service like IFTTT you can set up alerts as you wish.

Andrew .
June 22, 2011

Dropbox devs should take some advice from Google about testing…

http://google-opensource.blogs

Lint
June 22, 2011

You can bet amazon with their zero-support look at your files.

Technology Blogger
June 23, 2011

Thanks for solving this bug as soon as possible..

Pissed Customer
June 23, 2011

I'm going to google docs! You suck Dropbox!

Lomonglau
June 23, 2011

BIG PROBLEM WITH DROPBOX!!!!!

Hi Dropbox team,

There's a glitch in the Dropbox that is just as great if not
greater than your security problem. Our whole office uses dropbox to
store our documents. Problem is that changes made from one computer in
dropbox is not updated automatically in another dropbox folder on
another computer, so consequently there are many conflicting files on
every computer terminal.

Please advise as you claim your system is
linked virtually to make life easier, however from our experience this
is not so. We have to spend hours going over which documents are
incorrect and work out the difference and then deleting the oldest documents. This becomes a cyber nightmare!

Asd
June 23, 2011

rediculous

Jon Dagle
June 23, 2011

Unacceptable. This is a failure of your tech/execution, a failure of the trust we placed in you, and failure of communication on your part.  Nice way to let us know.  I didn't even know there was a dropbox blog until I learned about this failure. Time to find a replacement. iCloud? Who knows. But I'm pretty sure its “Goodbye Dropbox.”

John Shutske
June 23, 2011

Hey DropBox…

A few pointers on risk and crisis communication….(some of this was done in your original post)
1.  Communicate early and often.  There is no risk in over-communicating.
2.  Show empathy and concern in appropriate ways for your customers.
3.  Tell us what you know, what you don't know, and the specific steps you are taking to learn what you do not know.
4.  Tell us when and how you will be communicating with us in the future.
5.  Do not downplay the risk level (if true risk exists).
6.  Give us at least one or two things we should do so we have some sense of control over the situation.
7.  Let us know who your partners are in investigating and solving this problem (including exploring any potential breaches that may have occurred).  Even if the parties involved are only internal to the company, we need to know who's working on the issue and that you deserve our confidence.
9.  Don't use data (like 1%) to hide the potential risk.  One percent of 25 million is a pretty big number! (a quarter of a million if my math was done correctly and then re-checked before going live with this post).

   –shutske@gmail.com

Sistahfire
June 23, 2011

Need you ask?

Whittle Dominic
June 23, 2011

Appreciate your email and your honest (and fast) action regarding the bug. 

Dropbox: you and me, we're ok.

The Joppa
June 23, 2011

Is there a free portable version to Wuala like DropboxPortableAHK is to Dropbox?  I like having the ability to take my Dropbox folder with me and use it on any computer (with internet connection) anywhere without having to install anything — just insert my USB Flash Drive and instantly have the ability to use my Dropbox folder on that computer — instant access without having to open up some browser and type in my username and password which could be stored somewhere. 

It's really great to have this added protection on my Flash Drive — any
file I just modified away from home is quickly synced to the cloud, so
my files aren't lost if my drive stops working or mysteriously vanishes.

I use TrueCrypt to protect the contents of the drive, which contains the DropboxPortableAHK program, and
I'm going to try dsCrypt to see if that will adequately encrypt the
individual files before placing them into Dropbox.  I don't need a
browser or FTP utility — just open up that Dropbox folder on my USB
drive and have instant access to those files. 

So, is there a WualaPortableAHK?  Let me know if there is such an
application, I'd be interested in that.  I've read that Wuala was
thinking of working on something similar and this was posted back in January, any progress and is it free?  Till then, I'm sticking with Dropbox.

vovcacik
June 23, 2011

As I wrote in original post, Dropbox did not handled the issue correctly. User should have been contacted via email. It was just luck that I saw this blog post. Unacceptable. Dropbox is not their school project.

Why should be updating server so hard? The error did not originate from updating process. It's coding error.

bit
June 23, 2011

Arash wrote: “This should never have happened.”

Yup, and thats why I'm leaving Dropbox as a paying customer now. My quality expectations are high when I pay for a service, Dropbox does not fulfil these expectations.

tardy
June 23, 2011

If Dropbox had been a public company, the market would have penalized them. I would like some monetary compensation for this gross mistake esp., for paying customers.

Benjamin Tayehanpour
June 23, 2011

Good riddance.

Benjamin Tayehanpour
June 23, 2011

It's your responsibility to keep your data safe. No one else's. If you trust Dropbox, then you are at fault, not Dropbox. If you have sensitive data stored on a location not controlled by you, you naturally encrypt it. I'm not saying that this flaw is laughable and indicates a major design flaw. I'm not saying that Dropbox isn't to be blamed. But if you think you can store data unencrypted, unsecured, on the Internet, you deserve it being stolen.

Benjamin Tayehanpour
June 23, 2011

True that, true that. Supplying local time in a blog post for an international service is just plain ignorant.

Benjamin Tayehanpour
June 23, 2011

I agree with you to a certain extent. But there is more to the flaw than a layman would see; being able to log on to an account due to a flaw in the authentication mechanism suggests that the password plays no role when it comes to actually unlocking the account. And that is a huge design flaw. Naturally, files should be encrypted with the password as part of the algorithm. That way, even if the authentication system crumbles, all the attacker would be able to retrieve is useless scrambled data.

Benjamin Tayehanpour
June 23, 2011

I honestly hope that last part was sarcasm. So far, there hasn't been a version of Windows whose login screen isn't easily bypassed. Heck, the Windows 7 flaw isn't even fixed yet, and the flaw's been out in the wild since 2006! (It was present in previous versions of Windows, too)

danmullen
June 23, 2011

As an analyst programmer I find it very frustrating reading the number of comments from people blindly defending DropBox – “You shouldn't be storing sensitive data in the cloud”… “They fixed it in 5 minutes”… “Everyone makes mistakes”… no-one should be happy to use a cloud storage provider that allows a security flaw of this magnitude to be rolled out to their live environment!  Seriously, would any of you sign up to a service that doesn't guarantee to protect access to your files?
If I was to make a mistake like this and open up my employer's systems to the outside world, I'd lose my job.  DropBox should be held accountable and it's only right that people are angry and upset at this security cock-up.  At the very least I would have expected an apology and an email from them instead of reading about it on SlashDot.  Very poor DropBox, very poor indeed.

Jenycz
June 23, 2011

well, i mean lets think about it

Logos
June 23, 2011

confirming that sugarsync is absolutely not reliable, no matter the features, syncing fails off and on.

Didier Brackx
June 23, 2011

UNACCEPTABLE.
I haven't even got a message from Dropbox and I have upgraded my account to 100 Gb !!! Damned. Really damned !

pjm
June 23, 2011

Do you like it? I tried Wuala recently and it was not a very pleasant experience. The software is as slow as molasses to boot even when you've downloaded the application and installed it. The Java webstart version just ground my machine to a halt: it's true that I'm not using cutting edge hardware at home, but my iMac is not *that* bad.

Msptechup
June 23, 2011

I totally  agree  with the you. Give the guys due  they fixed it in 5 mins. after knowing it. there  are security  problems  which many company just hide  and take  hours& days to fix.
 gooood

M.Thompson
June 23, 2011

Thanks for being so diligent in solving the issues – I was one of the clients effected – they notified me promptly and the issue was solved.  The world did not stop and our company was not negatively impacted. 

I appreciate your services and will continue to be a loyal Dropbox client!

Dan C
June 23, 2011

Times are bad.  Children no longer obey their parents, and everyone is writing a book.
– Marcus Tellius Cicero, statesman/orator/writer, (106-43 B.C.)

Dan C
June 23, 2011
Anonymous
June 23, 2011

I'm the original poster. Dropbox emailed me today about my file that seemed (to me) to have been restored. It was my error in thinking the file (a large video file) was restored ( “This is the sign of a program starting the render process for the movie but never finishing it.”). Sorry for the false alarm.

Nate Cheek
June 23, 2011

Maybe it wasn't clear to anyone else, but I've always known and understood that DB employees could technically access your files, although they were only allowed to access metadata when helping you.  Maybe this is because I help out a lot on the forums, but this has always been clear to me, and I don't mind.

Nate Cheek
June 23, 2011

Are you sure that was from Dropbox?  The problem was a bug on one of their security updates, not a virus or something that someone uploaded.

Nate Cheek
June 23, 2011

If you didn't get an email from them, there is 0 percent chance you got hacked. Period.  They sent emails to all the accounts that were logged in to during that time, so if yours wasn't, there is NO CHANCE you got hacked.

Nate Cheek
June 23, 2011

I believe you can turn off Growl with Dropbox.

Nate Cheek
June 23, 2011

Well, I don't have super private stuff on there… so…

Greg03
June 23, 2011

An apology and an update are required asap. The former because you still haven't provided one (which is strange and unsettling) and the latter because loyal users deserve to know the status of your investigation given the magnitude of this error.

Guest
June 23, 2011

[Update - 2:49am] – At this point, the accounts that logged in during the period have been emailed with additional activity-related details for review. If you have any questions or concerns, please contact us at support@dropbox.com.

Hope people didn't change email addresses of accounts that did not belong to them. I don't understand how it is claimed that everyone is notified.

Nathan
June 23, 2011

This is now the coziest place on the net.

Tommaso
June 23, 2011

Grate crysis communication, grate attention to customers, the best apologize e-mail ever read. Thank you Dropbox, shit happends, but only great companies can react like this!

Gsa
June 24, 2011

Perhaps he was thinking that he could trust their original statement that no onecould access it but him.  It was only recently they actually told the truth and said that they could access his files.

Gsa
June 24, 2011

Dropbox 

1. You lied (or at least exaggerated your employee access to my files) 
2. You then left my front door open for four hour so that a passerby could riffle through my underwear without restriction. 

I am unhappy with this level of service.  I am much more unhappy with the fact I had to read about this elsewhere.   I cursory email out to ALL users to say 

Dear User

You may be aware of a recent problem in our authentication. EXPLANATION AND AGONIZED APOLOGY HERE. Be reassured that after extensive log checking on each users account we can assure you that YOU account was NOT accessed and your data is secure. 

DESCRIPTION OF INITIAL STEPS TO STOP A REPEAT OF THE EVENT.

Regards
Dropbox

Regards
Fedup

Aitjlat
June 24, 2011

No, now this is.

Acamping
June 24, 2011

sensitive documents shoul dbe put on other places ,like a cd or pen etc ,if hakers can enter in the accounts of sony and other importants company….internet is no secure ,so take advice and do what needs to be done …

Seneca
June 24, 2011

Now this is starting to die down, can we take it that at some point there will be another blog post/announcement about what steps they are taking to make sure it doesn't happen again.

Also maybe, since their reputation for security is rightly or wrongly taking a hammering, any indication of the steps they are taking to restore confidence in DropBox as a whole.

These guys may be exceptionally talented engineers but they really do need to hire someone with some serious PR skills.

pissed@dropbox.com
June 24, 2011

Um, I disagree with YOU. It's been four days since this blog post, and I haven't heard jack from Dropbox. No new blog posts, no emails, nothing. This is not customer service. This is customer avoidance. 
I paid $99 for the upgraded service, so essentially I handed over a hundred bucks so my files could be available to anyone who wanted them on the web. Files I was guaranteed would be safe.  My service is up for renewal in July. I for one will be terminating my relationship with this company.

Stewart Malley
June 24, 2011

Your company is the reason we have so much identity theft – companies being grossly irresponsible with client data.  And the problem is that you just don't get it.  You absolutely shouldn't be using DB for this data.

Iseldomfail
June 24, 2011

Oh crap!

Dan C
June 24, 2011

If they did slick PR, I'd be worried that the product wouldn't be worth using.

Dan C
June 24, 2011

Please explain how a company such as Dropbox can suddenly send emails to 25M people without being nailed as a spammer.  The *right* way to do it is to email the people actually affected, and tell everyone else via the normal channels – blogs, support forums, etc.  Exactly the way they did it.  (Although it could have been done faster).

Jim Beebe
June 24, 2011

I am reccomending that all my users remove Dropbox immediately.  This is unacceptable and the companie's response has been unacceptable.  Notification of this type of incident via “blog” and hoping customers hear about it (or not) via news channels is insane.

We have nearly 50 users that have Dropbox installed, so I would expect your user count to drop by at least that much shortly.  As to the rest – Dropbox might as well change it's name and/or file for bankrupcy now, because companys don't recover from a breach and response this bad.

Margaret - CEO, Sabi
June 24, 2011

What surprises me:
1) where was regression testing?  If security is THE priority (and it should be) how could it be a regression test did not pick this up prior to putting it on the servers?
2) I found out about this through a podcast.  I'm a paying customer.  Where is the transparency that is required for trust between customer and service?

Like a very wise person with a background in distributed systems security – NO SYSTEM IS EVER SECURE if it has customers. iCloud, etc. included.

Dan C
June 24, 2011

Please explain what would be an acceptable response.

Take a look at your fav credit card.  The last time that bank had a breech, that didn't affect you, did they contact you?  Or did you hear about it from the evening news?  That day, the next, or a month later?  Did the bank fess up to the full details?  Why didn't you cancel that card?

Rjacobson
June 24, 2011

I didn't get an email.  I had to learn about this from a third party, like most people.

cjwworld
June 24, 2011

I understand your frustrations but perhaps they would learn something.  See the current Dropbox blog as they update their findings.  In the blog itself, if they do not see any unusual activity on an account they would not contact them.  Thats the decision they made on how to handle although, many are upset at their decision.

cjwworld
June 24, 2011

well, the users will drop but are you a betting man?  don't be like a politician and make forecast.  They will recover but not as before

cjwworld
June 24, 2011

they did update, see the bottom of their blog

cjwworld
June 24, 2011

they didn't

cjwworld
June 24, 2011

so what would be fair?  how much money should they give to 25 million users.  Sheesh.  They goofed up..

Joshua J Thomas
June 25, 2011

dropbox is a wonderful sharing tool under distributed systems. I am asking my students to use dropbox. However, it would be recommended to the dropbox team to update on security of auth., significantly and with customer satisfaction. hope this would not happend either.

w0qj
June 25, 2011

Good article – here is another Cloud Storage solution that lets your computer to fully encrypt your files before sending out:
With SugarSync, you get 5GB of cloud storage space with the FREE version, but now there is no restriction to the number of computers you can sync/backup (up from 2).
It gives you the ability to upload and sync any folder on your computer.
It is the only service that offers such a broad device and OS support with apps for BlackBerry, Android, iPhone/iPad, Symbian, not to mention your computer!
You can also stream MP3 music files to your smartphone or computer.

Also if you use the below referral code you get a bonus 500MB extra on top of your Free 5GB!

https://www.sugarsync.com/refe

Hope this helps someone!

Bill Sodeman
June 25, 2011

That's not a new article. Dropbox PR is a FAIL pile at this point.

Bill Sodeman
June 25, 2011

And how would you know?

Nope
June 25, 2011

So crappy PR implies it's a good product?

cjwworld
June 25, 2011

i was replying to his statement “I don't understand how it is claimed that everyone is notified”.  I don't see that claim anywhere.  Do you?

Andrew .
June 25, 2011

Lauren, Dropbox have now stated:

“[Update - Fri, 1:59pm] – Today we sent an email directly to users whose accounts were likely compromised during the recent security lapse. According to our records, there were fewer than a hundred affected users and neither account settings nor files were modified in any of these accounts.”

This would seem to contradict your belief that 200 files were inserted into your Dropbox subfolders during the password lapse. It could be that the new files were generated through legitimate activity in your Dropbox account sync network, or it could be that Dropbox ran their forensics AFTER you removed the suspicious files, given that you did so expediently. Or perhaps Dropbox is using “no files were modified in any of these accounts” to mean no *existing* files were modified.

Jonathan Ansell
June 26, 2011

Trust me… no-one wants Your data.
me and the guys have been looking through it and we think it sucks.

Jordan
June 26, 2011

I agree with many comments – I'm very saddened that you did not email me about this even if I was not effected. Instead, I had to find out about it almost a week after it happened. I wouldn't have freaked out – this happens to banks! – but I wish you would have been honest and forthcoming with such a serious situation, despite the fact that you caught it quickly and very few were effected. Perhaps sending out an email with an apology (for both the security problem AND the lack of email response) might put you back on the right track. I will still appreciate such a gesture while I'm figuring out whether to stay with you or not

Snokiedeath
June 26, 2011

shit happens. people learn. close call but still a happy camper. keep up the good work boys.

Selina
June 26, 2011

Hi this page is realy nice! in germany we have: http://www.neozero.de

lot of greetz♥

Cesar Zuniga Zuniga
June 27, 2011

Es lamentable escuchar que la información que les hemos confiado a ustedes la allan dejado al descubierto mientra que sistemas bancarios que deberían ser inexpugnables son hackeados convirtiéndose en casos inexcusables unto con compañias de Video Juegos, lo que nos muestra que sean servicios pagados o gratuitos muestran una carencia de seguridad por invertir mas en mercadotecnia que en materia de seguridad, nuestro deseo es que de este garrafal error aprendamos todos y que veamos la seriedad del asunto. http://goo.gl/AyZES

Pierroi
June 27, 2011

Did you know Sugarsync has  bad record of losing peoples files?
Hope this helps someone!

Pierroi
June 27, 2011

This has nothing to do with the current security issue…

#2… Dropbox is not there for collarboration but for synching…

Thann Banis
June 27, 2011

Agreed, all users should have been notified as soon as the problem was discovered, that way, anyone with info in their accounts that they didn't want others to see could hve pulled it out

Gsa
June 27, 2011

Not really necessary they fixed it 5 mins after they discovered it.  More that they should have kept their users informed of the event at least afterward so that we werent reading about it on other websites.

Gsa
June 27, 2011

Yeah ?

Rufoechevarri
June 27, 2011

Pero entonces nos jodemos?? tenemos que esperar a que ellos hagan algo y mientras???

Jbarelle
June 27, 2011

TodAy, I accessed my dropbox only to find that an x-rated .wmv file bad been uploaded from an unknown computer. What do you have to say about that? I wasnt one of those notified about any breach in security.

Björn Gustafsson
June 27, 2011

“Your files are backed-up, stored securely, and password-protected.”

Yeah, about that.

Lewys Jones
June 28, 2011

What the hell are you guys doing!?!

One thing after another.

Ben
June 28, 2011

That's what they've done. BUT, no email means no access. So if you weren't informed, there is absolutely no possibility you have a problem. If you got an email, it's just bad news.

kirfer
June 28, 2011

Bzzzzzt.

Logic fail.

thiet ke logo
June 28, 2011

anks for this great article

kreemer
June 28, 2011

I like to change all my passwords because i'm using 1password with dropbox sync feature… so… thanks :D

Trey
June 28, 2011

Where are the further updates?  Why haven't you emailed all users yet?  Why are you guys still trying to sweep this under the rug?

Guest
June 28, 2011

Removed my data from dropbox, and am no longer recommending it to anyone due to the handling of this security breach.

Bill Sodeman
June 29, 2011

At the very least, Dropbox should post a new blog article with an update.

Your One Tech Stop
June 29, 2011

WOW Dropbox! Im switching to Sugar Sync! And after all the nice things i read on http://ikejhamb.com/blog/dropb

CanadianDude2000
June 29, 2011

Here's my free, user-friendly dropbox system based on SVN (Windows only):
http://code.google.com/p/iqbox
It's open source, uses a standards-based SVN / HTTPS protocol and is easy to use. I'm releasing the next update tomorrow.
NOTE: This is still a far cry from all the features of dropbox like the web-based interface, but allows the basic syncing and partial delta uploads.

spiele verkaufen
June 29, 2011

Hi nice text :)

hannelore
June 29, 2011

Hey i´m from germany pleas visit my blog: http://www.neozero.de

greetz

Jbarelle
June 29, 2011

Me too.  Someone had access to my DropBox and uploaded an x-rated .wmv file (movie file)  No one has access to my DropBox but ME, or so I thought.  Now my folder is empty and I won't recommend it to anyone either.

Jbarelle
June 29, 2011

also, who knows if my sensitive data was compromised and files downloaded to that same unknown computer.  Heads will roll, if that's the case.

cs2001
June 30, 2011

Oh, come on: You should first learn how to program professional. Haven't seen such a crappy solution in some time.

cs2001
June 30, 2011

@Dropbox: If you want to have any last chance to regain my trust in your service: Post here, what you plan what crap like this never happens again.

cs2001
June 30, 2011

Thanks?!?!

ainstushar
June 30, 2011

Well thank you sir. :)

Guest
June 30, 2011

are you fucking kidding me?

bakgwei
June 30, 2011

I am very happy that I am using Sugarsync and not Dropbox…!

f you want to give it a shot, at the moment you get a whopping 5,5GB of free online storage forever if you use the following link to sign up: https://www.sugarsync.com/refe

byebyebirdie
June 30, 2011

I'll stay away from any company who thinks they're so big they don't give a damn about average users. 
Dropbox is big, and I don't see any sincere apology from the beginning, all they think about is them, how this affects their greatness, not us, how user may suffer. 
Trust me, it'll happen again, with this attitude.  Do I need Dropbox that much to hand over all my precious data?  Answer is NO.

wpaul42
June 30, 2011

Has anyone compared the security features of LiveKive? The introductory pricing looks pretty good too…

http://www.avg.com/ca-en/avg-l

John Bradshaw
June 30, 2011

So long Dropbox. Closing my account…..

Mouse
June 30, 2011

It would be nice if you guy made free accounts 5GB when signing up. 2GB is too low, especially when the standard amongst similar cloud services (SugarSync, Amazon Cloud, etc.) all give 5GB for free without having to get your friends to sign up.

Bill Sodeman
June 30, 2011

Dropbox made the NY Times editorial page today – and not in a good way. 

http://www.nytimes.com/2011/06

Gross
June 30, 2011

Seems as if the only people bitching about this security breach are those who have child porn in their folders. Might as well be called PedoBox.com. Pervs!

kevin batts
July 1, 2011

i can not log on becasue my password is not recognized neither will forgot pass word allow me to pull password I'm lot out of my dropbox via phone. can someone direct me to some help FAQ are not helping. Help me Please somebody   email me @ kevin.batts1.kb@gmail.com thank you somebody

Steve S
July 1, 2011

i AM IN THE SAME SITUATION!!

Asoka Dissanayake
July 2, 2011

I think users should upload media, text or other files with caution. It is best not to store sensitive material in DropBox. That way, even if a breach occurs, there will be no worry.

Bartlomiej
July 3, 2011

WOW Dropbox! Im switching to Sugar Sync!

Bartlomiej
July 3, 2011

WOW Dropbox! Im switching to Sugar Sync!

Slashene
July 3, 2011

I accept my data to be exposed to the world.
Why ?

1. Because it's not an hacker attack, so few skillful hacker would be able to dump all files in  only 4 hours without being prepared.
2. If an hacker get my data, chances are that he got 1000+ other account, so I have almost no chance to be stolen.
3. If an hacker look at my data, he need to find inside 60 000+ files where are the most important one. (All my password and bank account are stored in dropbox)

Asking 0% defect is utopious, and I'd say that you have way less chance to get your precious data stolen by this event then chances to get your precious data stolen by leaving your computer unlocked during coffee time.

Slashene
July 3, 2011

“ I believe the benefits to users’ peace of mind far out weigh the extra costs.”
No that’s wrong, I prefer my data to be less secure but more available and fast to download. Security is not the number one priority for everyone.

Dropboxy
July 3, 2011

Hi, you said that “the accounts that logged in during the period have been emailed with additional activity-related details for review.” Did you email only paying customers or also free users?

Daniel Srb
July 3, 2011

Enjoy their inferior experience.

If you're really concerned about security, encrypt the data yourself. Anywhere.

As stupid as this mistake is, it's mostly reminder, that you upload your data somewhere where you can't control them.

Daniel Srb
July 3, 2011

Enjoy their inferior experience.

If you're really concerned about security, encrypt the data yourself. Anywhere.

As stupid as this mistake is, it's mostly a reminder, that you upload your data somewhere where you can't control them.

Mick
July 4, 2011

i cant enter to my dropbox fromsome ios apps (plaintext, dropbox) with right password – right now! WTF???

JB
July 4, 2011

This is pretty outrageous.  It's becoming increasingly difficult to trust anything that you guys say.  When I signed up to Dropbox, I did so because your documentation implied that files were encrypted locally, and that you had no way of accessing them.

This turned out to be totally misleading.  You do keep copies of keys.  But the new documentation says

“we have a small number of employees who must be able to access user
data when legally required to do so. But that’s the exception, not the
rule. We have strict policy and technical access controls that prohibit
employee access except in these rare circumstances.”

This is also clearly untrue.  If it is possible for a code bug to create such a serious security bug as this, then I find it totally impossible to believe that your controls are sufficient to have any hope of preventing a malicious employee from accessing peoples files.

I'm gonna be closing my account, and recommending my friends do the same, on the grounds that you guys are showing all the signs of being both dishonest and incompetent.

The Hobbit
July 4, 2011

I'm a new user at Dropbox. I do not store sensitive data, such as bank account numbers and their passwords. I'm not dropping Dropbox, but am using it for non-sensitive files. My sensitive data is stored on a military-grade encrypted password protected USB Key. My backups to the same, are stored in a place where no one can find them.  …. From the Hobbit

zx81
July 4, 2011

Hello. I am quietly bemused at the level of outrage and righteous anger being generated by this latest manifestation of the technological revolution. Maybe it's justified, maybe it's not . Maybe the 925 million people going hungry in the world couldn't care less. **
But, as it happens, I have no idea what “Dropbox” is or what it does ( neither do I wish to), I do not and have never subscribed to it nor ever will. I have only arrived here via an email sent out of the blue telling me about these changes to terms and conditions,etc.
Now, because of a journalistic background I was curious – not least because there seems to be something fishy going on here. The email addressed me by a name ( not my own) I only ever use in my dealings with a UK broadcasting organisation, for privacy reasons. It is never used anywhere else.
So how does ' Dropbox' get to send me an email about their service when I have never had any contact before, and they're using a real email address and a 'unique' name, otherwise known only to the broadcasting organisation?
It surely wouldn't be that someone in the broadcasting organisation is selling email addresses either direct to 'Dropbox', or to an intermediary who then sells on to ' Dropbox', in a form of cold-calling whereby a proportion of those people contacted about changed T&Cs might just download ' Dropbox' and start subscribing?? Surely that wouldn't be ethical? Would it?
Would 'Dropbox' like to explain how I was contacted in this way, when I had never heard of it before?
I promise not to get too angry – I really DO have a life and luckily I am not hungry
===

**Source: http://www.worldhunger.org/art

Sakoon Jhamb
July 4, 2011

You know what! Im not using Sugar Sync, I switched to sugar sync after i read this and after a week i switched back, Sugar Sync is slow! Really, if ur on sugar sync read this: http://ikejhamb.com/blog/dropb… . It will make u switch back! DROPBOX FTW!

Guest
July 4, 2011

If, as a journalist, your boss came to you saying “I'm angry, your work recently has been really substandard”, would you say “Calm down!  There are 925million people in the world going hungry, I can't believe you are going on about something as unimportant as my work” ?

Of course, problems with Dropbox are insignificant compared to
925million people going hungry.  But, then so are more than 99.99% of
the things that anyone ever gets angry about.  By that logic, pretty
much no-one should get angry about anything they ever get angry about,
ever.

Anger and opinion is not a limited resource.  People can be (and I am) angry about both Dropbox's negligence and misleading marketting, AND starving people at the same time.  Conversely, I can't help hungry people by not being angry about Dropbox.  The two are totally disconnected.

zx81
July 4, 2011

Had I done so, dear Guest, I would have been just as
correct, as you acknowledge yourself, but probably out of work soon afterwards.
So as the checks and balances are totally different, the analogy doesn’t stack
up. But hey,  such philosophical
arguments are pointless. I’m not really interested in the detail of your
complaints, that’s up to you and Mr Dropbox. I’m totally out of the loop and
only curious as to how someone like me gets cold-called by this company.

Nevertheless I wish you good luck in getting a resolution to
something which is obviously very important to you.

cottsak
July 5, 2011

Get a grip buddy!

This is a cloud service so yes, you need to “trust” it if you want to use it. If you cant trust Dropbox go elsewhere. But save us from unsubstantiated fluff you clearly know little/nothing about – “If it is possible for a code bug to create such a serious security bug as this, then I find it totally impossible to believe that your controls are sufficient to have any hope of preventing a malicious employee from accessing peoples files.”

We can only trust that what the Dropbox guys are saying is true. There is no absolute method to test the assertions objectively save entering their premises and systems and doing a third party audit. The same trust is applied to your Gmail, Internet Banking and credit cards (implied or otherwise) – just at a different level. Give Dropbox a break and thank God it's not your money.

cottsak
July 5, 2011

Good luck with that

naomy
July 6, 2011

hey nice blog visit my new blog :) http://spiele-verkaufen-kaufen

Kirsi Stahlberg
July 7, 2011

Hi Dropbox team,

I was disappointed that I did not get the extra space for introducing new

account to you.

I do not want to continue as your customer for now, and hope that you can

terminate my account, straight away.

All the best for your business,

Kirsi

Marco Pivetta
July 8, 2011

Thanks for sharing this information. This is what I expected from you. Everyone has problems, but only those who have responsability has the courage to tell it.

Cashmoneydb
July 11, 2011

looking for extra money try paid surveys that actually send you a check in the mail just put this link in your browser.
http://91f96hlkjsfl6m9iy1wa4z6

Cashmoneydb
July 11, 2011

real writing jobs for bloggers and or people who love to write in general..
http://4ed41nunr0pubn1j4a7ao0x

Cashmoneydb
July 11, 2011

Brand New Site Design Increases Conversions. The No. 1 Home Jobs Site For Over 5 Years! 24/7 Live Help For Visitors.
http://a8a52h-ihrhrfta8k4smtm0

Cashmoneydb
July 11, 2011

Your Average Payout Now Boosted 30% With More Unusual Tricks Used On This Uncomfortable Website.
FAT BURNING FURNACE
http://6873amvljxavep2pu3i5x9n

Việt Long Plaza
July 13, 2011

bài này hay đấy, cảm ơn nha

Wackyedd
July 14, 2011

I would move over to Trend Micro SafeSync to be honest, security you can trust :-)

Carlo Alberto
July 21, 2011

I cannot understand all the ferocious critics to Dropbox tha I read in this article…
Of course this was a huge error and all the users expecting more attention to deliverable in the future, but guys do you Know what “internet” is?Do you use facebook?twitter?Gmail?apple devices?microsoft software?Playstation or Xbox users?Ebay or amazon buyers?
All services which use authentication on the web had several attack and several security problem (especially ones I told before…), of course it should not happen, but all should also know that mistakes are human…
I seriously hope that this kind of error would never happen again in this service, but dropbox team still have my trust, since they are providing one of the best free service avaiable, especially for cross platform compatibility…
I'm an IT manager, I receive all day long mail from people who thinks that “goofy” is a secure password and who thinks that a link sent by a very good friend is surely not a virus, so I know that “average users” usually are “dumb users”…
if you are so afraid for the security of your datas to start a “witch hunting” to dropbox team, please encrypt your files on
your HD and cut your network cable, because you are (and always be) exposed to
attacks just by connecting to the web…

Matthew Pappas
July 21, 2011

eCapture
Only Solutions:
http://www.BulkEmailAddresses.net
300% more effective!

Sakoon Jhamb
July 30, 2011

Really, sugar sync sucks!
read this http://ikejhamb.com/blog/dropb

cc1981
August 4, 2011

Well if you think you can do better, then churn out something like DropBox instead of being so rude.

Lost customer..
August 8, 2011

I’ve payed for Dropbox for 1 year, but now Ive quitted and shut down my account. I think you should all consider doing the same.

Nike Free Runs
August 10, 2011

Get barefoot without sacrificing the Nike Free 7.0 V2 all the benefits. Almost weightless, you will get the flexibility and feel of your floor buffer, the support you need to record miles.Breathable soft mesh uppers, lightweight construction support and flexible coverage flexibilityMinimal seam to reduce friction, asymmetrical lace system to reduce the pressure molding insole contours of the natural shape of the end footPhylite lightweight cushioning and enhanced flexibility and a large waffle stabilityRubber fill out the bottom of deep sipes durability and traction.

Five9s Inc
August 10, 2011

Seems like if you have sensitive data on dropbox, or any other cloud service site, you should just encrypt it yourself.  I do all my business in the 'cloud' and I encrypt my sensitive internal documents and I advise my clients to do the same thing.  Dropbox provides a really valuable service, to some at no cost, and the security is pretty good, as is their after the fact accounting.  I only wish that the first I'd heard about it was from dropbox and not some security blog.

Paul Higby
August 12, 2011

You spent an extraordinary amount of time and effort, including sources, to respond to a story that, by your own writing, is meaningless to you. 

Why don't you take some of that time and effort you have to spare and use it to feed someone?

Just curious: Do my kids qualify as “going hungry” because they said last night before bed that they were hungry? Even if they had a pretty righteous dinner of steak to celebrate my son's birthday? I think your “source” needs some qualification. Just sayin'.

GetaRealisticView
August 17, 2011

mmm strange how users hide their most precious things in a vault found in a shared public library for millions..in the name of FREE !!!

GetaRealisicView
August 17, 2011

PS Taking me jewels to the local food store in the hope no one can see all me blings hanging off me as i carry it round me kneck..I mean i can sue me local food store if someone breaks right..and so what if its free…come on people you need to take some responsibility here..

GetReal
August 17, 2011

PLEEEEEEEZE SOMEONE REMOVE THIS FREE LOADER…

GetReal
August 17, 2011

Carlo you gotta break it down in a way the USERS can understand..jargon free like cos they need it to relate..like er show me a secure house that did not pay for any security fittings..all the security you need, bolts locks camera alarms bars dogs man guards claude van dam..

ITS FREE PEOPLE..GET IT !!!

GetReal
August 17, 2011

condescending git..just the type of user that complained about his coffee holding tray does not come out anymore, packed the whole thing up, and sent it back..then bragged about it at the pub…bet your names noel. (jus in case that flew above your head knowall..)

janniferNY
August 24, 2011

I just paíd $20.87 for an íPad 2.64GB and my boyfriend loves his Panasoníc Lumíx GF 1 Cámera that we got for $38.79 there arriving tomorrow by UP S.I will never pay such expensive retail príces in stores again. Especially when I also sold a 40 inch LCD T V to my boss for $657 which only cost me $62.81 to buy.
Here is the website we use to get it all from : http://BidsBit.com

Bandman34
September 2, 2011

Hey,  I'm currently getting this error message when trying to download the program.  I have it saved under a different user account on this same computer (PC running XP), which i thought was the problem when I got the same message on my macbook.  Anybody recognize this or know what to do about it?

This XML file does not appear to have any style information associated with it. The document tree is shown below.<error>AccessDenied
<message>Access Denied</message>
<requestid>0C5D3898DC07A644</requestid>
<hostid>b2kov5XbAf3jSBrNtuzeadyCRKWh24beg2nU8Au8MSTdxeEiVzOKzRfaXuoYpjUt</hostid></error>

AlreadyWorried
September 16, 2011

I did not use dropbox or 1password, but my pc dropbox informs me that my 1password files were updated. Never saw the message before. Should I be Worried.

Tim Johnson
October 2, 2011

I've been a heavy Dropbox user & evangelist since the beginning. However, I *just* found out about this security issue today, ~3.5 months after it happened. Problem: I assumed that the Twitter (at)Dropbox account was being used for service notifications. In fact, Dropbox is so important to me that the Twitter account is 1 of only 3 accounts that I have SMS my cell phone.

So now I'm confused. What is the Twitter account for? It seems incomplete; I see tweets about moving data centers, maintenance, and changes to the TOS — but no mention of this issue. Why?

My recommendations:
1) Tweet every blog post.
2) Email EVERY customer when you have a security issue.

paleciak
October 2, 2011

WOW Dropbox! Im switching to Sugar Sync!

Kindlelover
October 5, 2011

how they can remove ?
[URL=http://printagiftcard.com/kind...]Kindle Gift Card[/URL]

Pflegedienst
October 7, 2011

Wow, this is disappointing. I only found out about this today (three months after the incident). Why did not everyone(!) get an email abou this. Bc. it is easier just to email the 1% of users who logged in during the window??? This casts serious doubt on your ability to keep my data safe. I will have to rethink my use of dropbox (after having told at least 20 people about it).

Pkharsh63
October 28, 2011

Well said

Charles
November 1, 2011

I am incredibly shocked with your posting skills as well as with the layout on your own web page.prepaid cards

Charles34665
November 1, 2011

This was really a very interesting and fun article to say the least. I really have enjoyed reading all of this great and fun informationDraggin' Kevlar jeans

George Insurace
November 1, 2011

Your software is  great and I love the free storage space!

Faith
November 3, 2011

This is an interesting article. Also,my company EZMCOM is conducting a survey to understand your business need and address the security requirement. Please click on the link http://www.surveymonkey.com/s/… to take this 1 minute survey. We also have lucky draw where we are giving 10 iPod Shuffles for those that complete the survey and LIKE & SHARE our http://facebook.com/ezmcom page

Alyssa
November 6, 2011

I am pretty happy to find this website. I’d like to thank you so much for this great read
breast augmentation san diego

Jackson Scholl
November 6, 2011

No, the reason why they didn't email everybody is because only 1% of users could possibly have been affected. If it is impossible for a certain user to be affected at all, then why would they want an email about it?

fixing my credit
November 10, 2011

It is a very informative and useful post thanks it is good material to read this post increases my knowledge

Jabba
November 13, 2011

some of my files in not shared folders got into other peoples folders that I didn't share anything with. scary….

Truonganhduongdn
November 15, 2011

great, i find a new store data online, i convernear

Claudia
November 16, 2011

Have forgotten “password”, however, system will not allow me to get/request new password, please contact clukrofka.nami@gmail.com and advise how to get a new password……thank you

Ngo Hoan
November 17, 2011

Hi!
Thanks Grear For Share

DienMayMediaMart
November 17, 2011

Hi Thanks!!!
Fantastic !!!!

Media Mart
November 17, 2011

hi thanks

jnomanh
November 21, 2011

I did not use dropbox or 1password, but my pc dropbox informs me that my 1password files were updated. Never saw the message before. Should I be Worried.

Tan nguyen minh
November 25, 2011

However, now there's another option if you own a Wii. http://xemphimonlines.com/

hotels
December 2, 2011

im pretty sure i had problems with it

TermLifeInsurance.com
December 4, 2011

You guys have a rockin product!

Clay Claiborne
December 11, 2011

I need help.  I had my computer serviced and cleaned after subscribing to Dropbox. It seem like I lost all my Documents in the process.  Where do I go to find my Documents? Thank you for your promp attention.

AmigoClay@msn.com

Thomas_riordan
December 13, 2011

After updating ibooks a few days ago I have been having problems. When I now download a pdf file from dropbox and open in ibooks it comes up “untitled”. I've only had this problem since the update to ibooks. I'm using ipad2

Aziz
December 30, 2011
background check
January 10, 2012

this is such a great thing to know 
We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner.”….more power

Xuan Nguyen
January 11, 2012

I’m currently getting this error message when trying to download the
program.  I have it saved under a different user account on this same
computer (PC running XP), which i thought was the problem when I got the
same message on my macbook

[url=http://thietkelogo.hangdau.vn/]Thiet ke
logo[/url]

Lenny
January 12, 2012

I see a lot of negative comments about your problems.  Have these been addressed recently?
Thanks

Thiet ke logo
January 13, 2012

Thanks for your article

affordable life insurance
January 14, 2012

Awesome!

Dafa
January 14, 2012

Thanks for the awesome update! Get Free NX Codes

handcrafted jewelry
January 15, 2012

mow your lawn

Fidelio Primo
January 16, 2012

is the first my word – thank you -
-

Paulinadede73
January 18, 2012

I see a lot of negative comments about your problems.  Have these been addressed recently?
Thanks

Alar411
January 19, 2012

Drop box, my file with all my business info is GONE.  It says empty!  What's going on.  This is a disaster for me

Samuel9934
January 20, 2012

could really incorporate this on to my website!

Valentines Day
January 20, 2012

Thanks for the update, sounds great!

doc to doc
January 20, 2012

This would be a fantastic addon!
Well done to the team

Piers
January 21, 2012

Any more recent update on this?

Piers
January 21, 2012

.

frans deawara
January 21, 2012

this is amazing. great from http://goo.gl/fjJo6 of http://goo.gl/gkDHO

Mobilegearuk
January 22, 2012

Need to improve you serp check out seo guildford as we have some fantastic servies

SEO
January 23, 2012

I love dropbox. Just wanted to say it and ask you to keep developing it as long as possible. It's a great tool and even if it still has some small bugs it's the best sharing tool. Thanks so much.

SEO Surrey
January 23, 2012

I could not live without drop box

Powerblock-Dumbbells
January 24, 2012

Dropbox is amazing!

Fitness Tips
January 26, 2012

Got to comment, it's just seems to be getting better for dropbox

commercial loans
February 1, 2012

You really have a unique way to pen down your thoughts.

drop box
February 3, 2012

We must use drop box :) cep telefonu

business loan rates
February 10, 2012

Interesting post. I have stumbled this for my friends. Hope others find it as interesting as I did.

Projektory multimedialne
February 14, 2012

Come on dropbox I hope you get a grip of yourself and fix those issues faster.

Personal Trainer London
February 18, 2012

This is an outstanding piece of software

Personal Trainer London
February 18, 2012

Really clever service, I use it a lot!

Personal Trainer London
February 18, 2012

indeed

que es el amor
February 19, 2012

You share valuable! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up.

sildenafil
February 21, 2012

This is really great post and I love watch mr bean show

aetna california
February 22, 2012

I would like to thank you for the efforts you have made in writing this article -carla

loan rates
February 25, 2012

hola hola thx for site

Videospiele Verkaufen
February 25, 2012

Drop Box is Great !

Telefon ohne Internet
February 25, 2012

This is a great site !

Tee
February 25, 2012

Thanks for this site.

Tea
February 25, 2012

This is great lets have a tea.

Pheromone
February 25, 2012

Like this site !

Saugstube
February 25, 2012

Cool here.

Isabelamber
March 1, 2012

Springhill Group Home

Some genuinely interesting points you have written.Helped me a lot, just what I was looking for : D

cheap car insurance
March 4, 2012

This is a really good post. Must admit that you are amongst
the best bloggers I have read. Thanks for posting this informative article.
 

Forfait mobile
March 4, 2012

Interesting post. I have stumbled this for my friends. Hope others find it as interesting as I did.

 

Forfait sans engagement
March 9, 2012

I did not use dropbox or 1password, but my pc dropbox informs me that my
1password files were updated. Never saw the message before. Should I be
Worried.

Talking business is a good idea and I must appreciate your work here

Marzan
March 11, 2012

Dropbox is an awesome service. It has helped in various ways in providing a better data platform for my business.

Forfait mobile
March 12, 2012

 SpiderOak at least encrypts on the client side, too.

Odin Android
March 13, 2012

But accredited market that come with truly in regard to a first rate specific target. I enjoy this program learned how the site material, they beautiful & top to recognise faraway from.

Instagram Android
March 13, 2012

At this stage I've got a considerable amounts of to read your giant first-rate writed courses. You are for certain legend after blogging. I adore the work.

Casper87
March 20, 2012

so… free accounts don't have encrypted files right? :) 

kelly becker
March 20, 2012

That is genuinely helpful. I would like to ask if it would be Okay if I mentioned some of that on my own blog. Of course, I would credit you, and link back here also.
blog commenting service
Link building service

business loans
March 20, 2012

These blogs are very much useful for news 

Secret Story
March 23, 2012

Not all of us are just storing pics and songs.  We have dropbox for
teams for our small business.  Every single one of our client accounts
(with social security numbers) stored on dropbox.  If our clients knew
this we would have serious business risks, so I expect to hear about it
directly from the company, not a blog post from a third party.

alabama collection agency
March 23, 2012

I have full faith in the dropbox team. I am sure they will do the right thing for its users (mostly because we the users are its number one product).

We've been using dropbox for the past few months and love it. Our team is so much more productive this year.

Kubki reklamowe
March 27, 2012

I support the changes and keep up.

Kubki z nadrukiem
March 27, 2012

I'm glad that you have such a strong commitment to this topic.

Thiet ke logo
March 27, 2012

Like this site

cityondown
March 28, 2012
Ladkfa
March 30, 2012

 F*cking brilliant. People like you scare me… at the very list, use something with client side encryption like SpiderOak…

mythuat24h
April 1, 2012

I like post.

Thiet ke logo

backup assistant
April 4, 2012

Yeah, man I totally agree with you. I am going to try this for sure.

compte suisse
April 5, 2012

Thanks for sharing a information. Very nice and informative blog.

Organic Underwear
April 9, 2012

Awesome post! Great way to keep updated

Loibui
April 13, 2012

very plug-in useful, i like http://freshbrand.vn

Url Shortener
April 14, 2012

Always looking foward to new posts on here.

Thiet ke logo
April 16, 2012

Is Mythuat24h is the good graphic desgin company in Vietnam ?

Hologram Concert
April 18, 2012

Awesome Post!

Pola
April 18, 2012

Nice post!

Viaggi Vietnam
April 18, 2012

Thanks for your post. This is very useful for me. Your post is very clear and easy to understand. Can you share with us something more like this ??? I am waiting for your next post. Thanks

Thiet ke logo
April 18, 2012

The top Brand Creation Firm in Vietnam

Video drole
April 20, 2012

I
did not use dropbox or 1password, but my pc dropbox informs me that my
1password files were updated. Never saw the message before. Should I be
Worried.

Thiet ke logo
April 20, 2012

In my opinion, no update password exist

SQL TUTORIAL
April 21, 2012

We appreciate a work of the all people that share information
with me and others. My self really impressed with this blog. Very Simple and
clear explanation of issues is given and it is open for everyone.
 

African Mango
April 24, 2012

Really nice post. Looking forward to hearing more. 

African Mango
April 24, 2012

Reallu great post!

saas directory
April 25, 2012

I support the changes and keep up.

Xuan Anh
April 26, 2012

The post is informative

Saas
April 26, 2012
Student Health Insurance
April 29, 2012

Great write up! Can't wait to check out your other posts.

Venca Catalogo
April 30, 2012

I need help.  I had my computer serviced and cleaned after subscribing
to Dropbox. It seem like I lost all my Documents in the process.  Where
do I go to find my Documents? Thank you for your promp attention.

Thiet ke thuong hieu
May 1, 2012

 Please call IT worker to recover the data

Seth Bam
May 1, 2012

…………..

vTweet me
May 1, 2012

Awesome post! Really looking forward to new updates! 

http://fitnesshealthandmind.com  ” rel=”nofollow”>Core Workout

Hologram Concert
May 2, 2012

Cool Post

ITechWit
May 5, 2012

I'm glad that you report this information to us so that we can protect our account

BoltonHiTech
May 5, 2012

They didn't reply at all @c8c0e5b0754770c5e1f7419a0698ecff:disqus

Latest Top Jobs
May 5, 2012

I think they need to do something about this fast because I'm getting tired of this

Projektory multimedialne
May 5, 2012

Hope it will get better

Buy Twitter Followers
May 12, 2012

Really nice post. Love this blog! 

I have full faith in the dropbox team. I am sure they will do the right thing for its users.

Agree with your viewpoint! 

Just continue your good job dropbox, I am sure they will do the right thing for its users.

Romon Avaurs
May 23, 2012

 Dropbox is really changing a lot :(

rio orange
May 23, 2012

I am sure they will do the right thing for its users. 

numéro rio6
May 23, 2012

 Dropbox is revolutionning our world :D

dauanviet.net
June 1, 2012

cảm ơn đã chia sẻ những thông tin thú vi

dauanviet.net
June 1, 2012

cảm ơn đã chia sẻ những thông tin thú vi______________ dauanviet.net

dauanviet.net
June 4, 2012

nếu bạn nghĩ bạn có thể làm tốt hơn, sau đó sản xuất một cái gì đó như DropBox thay vào đó là rất thô lỗ.
http://www.dauanviet.net/

Sean
July 1, 2012

This should never have happened. We are scrutinizing our controls and
we will be implementing additional safeguards to prevent this from
happening again.

Vuongtieugiang
July 14, 2012

trang web này có rất nhiều ý tưởng hay. nhưng để thực hiện nó bạn cần có sức mạnh và niềm tin. Mời bạn truy cập vào trang web: http://tapchikinhdoanh24h.com để học theo những tấm gương thành công. cảm ơn

Thiet ke logo
July 14, 2012

 Trang web rất hay, nhưng nội dung còn lý thuyết quá

ve may bay tet 2013
July 20, 2012

cam ơn bạn

Steven Maniaci2
July 24, 2012

I don't know if what was done at Dropbox has anything to do worth my problem, but my current password DOES NOT WORK on my iPhone. Please respond ASAP so this problem can be rectified.

Thiết kế logo
July 25, 2012

I agree with the comments you made. Thiet ke logo

HenDeerelak
August 16, 2012

Скачать любые аси на мобильные телефону вот тут [url=http://writeart.ru]Jimm[/url] А так же полная база [url=http://draiverss.ru/]драйвера[/url] [u][url=http://cheapcigarettes24.biz/]cigarettes[/url][/u]

sizarrisk
August 17, 2012

[url=http://www.baptist.no/images/talkng-tom-240x320-indir.html]Talk?ng tom 240×320 indir[/url]
[url=http://www.baptist.no/images/new-avition-maintenance-contract-winner-fort-rucker.html]New avition maintenance contract winner fort rucker[/url]
[url=http://www.baptist.no/images/school-custodians-appreciation.html]School custodians appreciation[/url]
[url=http://www.baptist.no/images/pinay-kantutan-ofw.html]Pinay kantutan ofw[/url]
[url=http://www.baptist.no/images/thattathin-marayath-full-movie-part.html]Thattathin marayath full movie part[/url]

thattathin marayathe new full movie
cut off marks federal government college kabba jss1
tai game kpah pb moi nhat
ni mein chori chori song rab se sona
ansu.edu.net.ng registration form 20132nd choice

Flousatiala
August 18, 2012

[url=http://do18let.ru/]бесплатное порно[/url]

My Homepage
August 18, 2012

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

online mastering
August 19, 2012

Audio engineering is a promising career that gives immense prospect in movie, video clip production, audio broadcasting and promoting. Audio engineers use a number of recording gadgets these as large-tech microphones that are necessary to file even the slightest variations of sound.

The general notion of engineering relates to making bridges, buildings, roads and related variety of do the job. Most folks do not feel of audio engineering as a type of common engineering. Having said that, it is one particular of the best paying out work and has a lot of profitable individuals operating in the discipline. [url=http://medwaystudios.posterous.com]mastering electronic music tips[/url]

Audio conferencing has never had a technological know-how champion. The industry leader historically was the lethargic AT&T whose when modern Bell Labs dabbled with website technologies and then broke apart. The Toddler Bells carried on this tradition. Consequently, the sector has under no circumstances had an ground breaking advocate. A new breed of entrepreneurial innovators is starting a populist revolution.

AndyClewClubs
August 21, 2012

Salute ,

do you search for a [url=http://www.loans--payday.com/tag/payday-loan/]online Cash advance[/url] ??? here on this webpage you can promptly get a lender in no time :-)
Sometimes there are some emergencies in their life too.

[url=http://www.kummer-sorgen-forum.de/threads/get-money-easily.17274/]get money easily[/url]
[url=http://www.adminforums.com/index.php?threads/obtain-money-within-minutes.64/]obtain money within minutes[/url]
[url=http://www.6ems.com/%e9%9a%8f%e6%89%8b%e6%89%80%e5%86%99/198.html#comment-102]lend cash in no time[/url]

opponigreabe
August 22, 2012

Thank you
[url=http://fi.superpropecia.com/cialis-brand-8][color=white]buy mast generic[/color][/url]
[url=http://ph.superlevitraonline.com/cialis-brand-1][color=white]buy trisa cheap[/color][/url]

[...] a blog post, Dropbox CTO Arash Ferdowsi confirmed that the problem occurred and blamed it on “a code update … that introduced a bug affecting our authentication [...]

canthoinfo
August 26, 2012

Hey i´m from germany pleas visit my blog: http://www.canthoinfo.info
greetz

female car insurance
August 30, 2012

… [Trackback]…

[...] There you will find 70845 more Informations: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Google Latitude
September 1, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Vegas Indoor Skydiving
September 4, 2012

… [Trackback]…

[...] Read More: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

scott tucker amg
September 6, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

d. scott tucker
September 9, 2012

… [Trackback]…

[...] Read More Infos here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

best internet income
September 12, 2012

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Dao tao ke toan
September 13, 2012

Accounting training company in Vietnam

Thiet ke logo
September 13, 2012

Nice service

Porr
September 14, 2012

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

bilstein 5100
September 15, 2012

… [Trackback]…

[...] Read More: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

website link
September 16, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Khách sạn Hà Nội
September 18, 2012

I like to share it, your very real and wonderful.

online marriage counseling
September 24, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

ecigarette
September 24, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

txtmode
September 25, 2012

… [Trackback]…

[...] Read More Infos here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Green Coffee Bean Extract
September 25, 2012

posts too absolute with me very like it

Green Coffee Bean Extract
September 25, 2012

posts too absolute with me very like it. thank you

Green Coffee Bean Extract
September 25, 2012

I think it’s a good idea

Green Coffee Bean Extract
September 25, 2012

I was in Vietnam,

best waterproof camera
September 25, 2012

Some don’t even support it as an option.

Funkie Diaz
September 25, 2012

we’ll immediately notify the account owner. If you’re concerned about
any activity that has occurred in your account, you can contact us at
support@dropbox.com.

http://www.photosprintedoncanvas.com

dfsdfsdf
September 26, 2012

dfdsfsdfdsddfsdsf

Anonymous
September 26, 2012
Go Here
September 26, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Missouri Payroll Accounting
September 26, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

νυφικα 2012
September 29, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

parfum pas cher
September 30, 2012

… [Trackback]…

[...] There you will find 91301 more Infos: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

quick cash loans
October 1, 2012

… [Trackback]…

[...] There you will find 24567 more Infos: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] There you will find 36067 more Infos: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

hotel deals
October 3, 2012

… [Trackback]…

[...] Read More: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

bmx
October 3, 2012

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] Read More: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Sonhey
October 5, 2012

We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.

payday loan
October 11, 2012

… [Trackback]…

[...] There you will find 24724 more Infos: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

cigarette electronique
October 11, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

gateau au yaourt
October 15, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

[...] app that I know and love. I’ve been a huge user of DropBox for several years, despite several security issues. The service however, works amazingly and as a frequent traveler who has two desktops in two [...]

… [Trackback]…

[...] Read More Infos here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] There you will find 39559 more Infos: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

Wisconsin
October 16, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/index.php/yesterdays-authentication-bug/ [...]…

[...] June 19 there was a four-hour security glitch at Dropbox. During that four-hour period anyone could log into any account with any password. If someone knew [...]

Mythuat24h
November 26, 2012

Thanks for your post. Thiết kế logo

Homepage
December 8, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

tattoo
December 23, 2012

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

Alihussain
December 24, 2012

I am a newbie and your success is very much an inspiration for me.
Advertising agencies in Karachi | Advertising

my blog
December 27, 2012

… [Trackback]…

[...] Read More: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

cheap van insurance
December 27, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

file sharing
December 28, 2012

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

gelinlik
December 31, 2012

… [Trackback]…

[...] Read More here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] There you will find 43791 more Infos: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

Homepage
January 8, 2013

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

stryker hip recall
January 12, 2013

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

… [Trackback]…

[...] Informations on that Topic: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

הובלות משרד
January 13, 2013

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

supercharger-electric.com
January 14, 2013

… [Trackback]…

[...] Read More Infos here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

κατασκευη eshop
January 14, 2013

… [Trackback]…

[...] Find More Informations here: blog.dropbox.com/2011/06/yesterdays-authentication-bug/ [...]…

[...] Ferdowsi explaining the problem, what caused it, how it was fixed and who was affected in a Monday evening blog post. The company says that “as much as one per cent” of its 25 million-plus user accounts [...]

Google
February 8, 2013

Google…

[...]the time to study or visit the subject material or websites we’ve linked to beneath the[...]…

Electrician Seattle WA USA
February 9, 2013

Electrician Seattle WA USA…

[...]Sites of interest we have a link to[...]…

payday loans online
February 9, 2013

payday loans online…

[...]please stop by the web-sites we stick to, like this a single, as it represents our picks through the web[...]…

Physician Transcription
February 9, 2013

Physician Transcription…

I believe that is among the most significant information for me. And i am happy reading your article. However wanna commentary on few basic issues, The website style is perfect, the articles is really great : D. Excellent job, cheers…

Best hotels in Sharm el-Sheikh
February 10, 2013

Best hotels in Sharm el-Sheikh…

[...]we came across a cool website that you just might enjoy. Take a appear in case you want[...]…

hoho
February 10, 2013

hoho…

An additional issue is really that video gaming has become one of the all-time greatest forms of fun for people of any age. Kids enjoy video games, and adults do, too. The XBox 360 has become the favorite gaming systems for those who love to have a lot…

tips for exposed skin care
February 10, 2013

tips for exposed skin care…

[...]the time to read or take a look at the content or web pages we have linked to below the[...]…

gosedjur
February 10, 2013

gosedjur…

Have you ever thought about adding a little bit more than just your articles? I mean, what you say is fundamental and all. But think of if you added some great pictures or videos to give your posts more, “pop”! Your content is excellent but with pics…

nj decks
February 10, 2013

nj decks…

Just about all of what you say is astonishingly accurate and that makes me ponder why I had not looked at this with this light before. This piece truly did turn the light on for me personally as far as this specific subject matter goes. Nevertheless at…

best ninjatrader indicators
February 10, 2013

best ninjatrader indicators…

[...]always a significant fan of linking to bloggers that I appreciate but really don’t get a whole lot of link love from[...]…

best teeth
February 10, 2013

best teeth…

I like what you guys tend to be up too. This kind of clever work and coverage! Keep up the fantastic works guys I’ve you guys to my own blogroll….

acompanhantes rj
February 10, 2013

acompanhantes rj…

[...]please take a look at the web pages we adhere to, like this one, because it represents our picks in the web[...]…

phil fischer
February 11, 2013

phil fischer…

I have observed that car insurance corporations know the motors which are at risk from accidents and various risks. Additionally, these people know what style of cars are susceptible to higher risk and also the higher risk they’ve got the higher the p…

tantric massage london
February 11, 2013

tantric massage london…

[...]very handful of internet websites that occur to become comprehensive beneath, from our point of view are undoubtedly very well really worth checking out[...]…

tag heuer replica watches
February 11, 2013

tag heuer replica watches…

[...]please visit the web sites we stick to, such as this one particular, because it represents our picks from the web[...]…

wall decor
February 11, 2013

wall decor…

[...]we like to honor numerous other web web pages on the internet, even if they aren’t linked to us, by linking to them. Underneath are some webpages worth checking out[...]…

business online
February 11, 2013

business online…

I wanted to construct a simple remark to appreciate you for all the magnificent instructions you are showing at this website. My time-consuming internet look up has now been compensated with reliable ideas to talk about with my family and friends. I ‘…

pearly penile papules removal
February 12, 2013

pearly penile papules removal…

Thanks for your exciting article. One other problem is that mesothelioma cancer is generally attributable to the inhalation of material from asbestos, which is a extremely dangerous material. It truly is commonly seen among workers in the construction …

online magic shop
February 12, 2013

online magic shop…

[...]check below, are some entirely unrelated web sites to ours, on the other hand, they are most trustworthy sources that we use[...]…

goudkoers euro
February 12, 2013

goudkoers euro…

I’m not sure exactly why but this site is loading extremely slow for me. Is anyone else having this issue or is it a issue on my end? I’ll check back later and see if the problem still exists….

YAG laser marking machine
February 12, 2013

YAG laser marking machine…

[...]Wonderful story, reckoned we could combine some unrelated information, nevertheless actually really worth taking a appear, whoa did a single learn about Mid East has got extra problerms as well [...]…

erotic massage london
February 12, 2013

erotic massage london…

Thanks for your beneficial post. Over time, I have been able to understand that the symptoms of mesothelioma are caused by the actual build up of fluid between the lining of the lung and the chest muscles cavity. The sickness may start inside the chest…

property management in fresno
February 13, 2013

property management in fresno…

[...]Every when in a whilst we pick blogs that we read. Listed below would be the newest sites that we choose [...]…

จี้เพชร
February 13, 2013

จี้เพชร…

I think other site proprietors should take this site as an model, very clean and fantastic user genial style and design, as well as the content. You are an expert in this topic!…

the first 90 days
February 13, 2013

the first 90 days…

[...]Here are several of the web-sites we suggest for our visitors[...]…

kwiaciarnia internetowa warszawa…

Superb post however I was wondering if you could write a litte more on this subject? I’d be very thankful if you could elaborate a little bit further. Kudos!…

Online Jobs
February 14, 2013

Online Jobs…

Hey There. I found your blog using msn. This is an extremely neatly written article. I’ll make sure to bookmark it and return to read extra of your useful information. Thanks for the post. I’ll definitely return….

Internetreputation.com
February 14, 2013

Internetreputation.com…

[...]Sites of interest we have a link to[...]…

Fit Body Boot Camp Franchise
February 14, 2013

Fit Body Boot Camp Franchise…

Thanks for your tips about this blog. One particular thing I would choose to say is the fact that purchasing electronic devices items in the Internet is not new. The truth is, in the past few years alone, the market for online gadgets has grown conside…

Sameer Jejurikar
February 14, 2013

Sameer Jejurikar…

[...]the time to read or take a look at the content or websites we’ve linked to below the[...]…

haarfarben
February 14, 2013

haarfarben…

As a Newbie, I am permanently exploring online for articles that can help me. Thank you…

epoxy floor
February 14, 2013

epoxy floor…

[...]The info talked about within the post are several of the very best offered [...]…

buy cheap links
February 14, 2013

buy cheap links…

Unquestionably believe that which you said. Your favorite reason seemed to be on the web the easiest thing to be aware of. I say to you, I definitely get annoyed while people think about worries that they plainly don’t know about. You managed to hit t…

By Blood Betrayed
February 14, 2013

By Blood Betrayed…

[...]here are some hyperlinks to web-sites that we link to because we think they are really worth visiting[...]…

serverpronto coupon
February 15, 2013

serverpronto coupon…

[...]although websites we backlink to below are considerably not associated to ours, we feel they are actually worth a go through, so possess a look[...]…

sell home
February 15, 2013

sell home…

I’ve read a few just right stuff here. Certainly worth bookmarking for revisiting. I surprise how so much attempt you put to make any such great informative site….

child therapist austin
February 16, 2013

child therapist austin…

Hmm is anyone else experiencing problems with the images on this blog loading? I’m trying to determine if its a problem on my end or if it’s the blog. Any feed-back would be greatly appreciated….

www.HomeBusinessQuickStart.com
February 16, 2013

http://www.HomeBusinessQuickStart.com...

Fantastic website. Plenty of useful information here. I’m sending it to a few buddies ans also sharing in delicious. And certainly, thanks to your effort!…

here
February 16, 2013

here…

I’ll immediately clutch your rss feed as I can’t find your email subscription link or newsletter service. Do you’ve any? Please permit me realize in order that I may subscribe. Thanks….

thin asian breast implants natural look…

[...]Every the moment in a though we pick blogs that we read. Listed below would be the most current websites that we pick [...]…

Filmy na stiahnutie
February 17, 2013

Filmy na stiahnutie…

[...]one of our visitors just lately proposed the following website[...]…

pc repair swansea
February 17, 2013

pc repair swansea…

Thanks a lot for sharing this with all of us you actually know what you’re talking about! Bookmarked. Please also visit my web site =). We could have a link exchange agreement between us!…

Cheap Airsoft
February 17, 2013

Cheap Airsoft…

[...]just beneath, are several totally not related web sites to ours, however, they may be certainly really worth going over[...]…

zyzz
February 17, 2013

zyzz…

You could certainly see your enthusiasm within the work you write. The world hopes for even more passionate writers such as you who aren’t afraid to mention how they believe. Always follow your heart….

More Info
February 18, 2013

More Info…

I was curious if you ever considered changing the layout of your website? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of tex…

Free UK Classifieds
February 18, 2013

Free UK Classifieds…

There are some interesting cut-off dates in this article however I don’t know if I see all of them middle to heart. There is some validity however I will take maintain opinion until I look into it further. Good article , thanks and we want more! Added …

Webový magazín Vydáno.cz
February 18, 2013

Webový magazín Vydáno.cz…

I’ve learned a number of important things via your post. I would also like to express that there might be situation where you will make application for a loan and don’t need a co-signer such as a U.S. Student Aid Loan. But when you are getting financ…

TSX Today
February 18, 2013

TSX Today…

[...]below you will come across the link to some internet sites that we think you must visit[...]…

Irish Wedding Photography
February 19, 2013

Irish Wedding Photography…

[...]Here is a good Weblog You might Discover Fascinating that we Encourage You[...]…

Swansea carpets
February 19, 2013

Swansea carpets…

I’m just commenting to let you know what a extraordinary experience my wife’s girl enjoyed reading through your web site. She figured out numerous things, which include how it is like to have a great giving mood to make the others quite simply fully …

Conference Photography
February 19, 2013

Conference Photography…

You really make it seem really easy together with your presentation but I to find this topic to be really something which I feel I would never understand. It kind of feels too complex and very large for me. I’m having a look forward on your next put u…

how do i get laid
February 19, 2013

how do i get laid…

[...]The facts talked about in the article are some of the very best readily available [...]…

Oscars
February 19, 2013

Oscars…

Great blog! Do you have any helpful hints for aspiring writers? I’m planning to start my own site soon but I’m a little lost on everything. Would you suggest starting with a free platform like WordPress or go for a paid option? There are so many opti…

pay raise book
February 20, 2013

pay raise book…

Thanks for these tips. One thing I additionally believe is the fact credit cards presenting a 0% interest rate often lure consumers along with zero rate of interest, instant authorization and easy internet balance transfers, nonetheless beware of the r…

Garcinia Cambogia Extract Review…

[...]one of our guests not long ago encouraged the following website[...]…

Lesbian dating sites
February 20, 2013

Lesbian dating sites…

Yet another thing I would like to express is that in lieu of trying to fit all your online degree courses on times that you end work (as most people are exhausted when they get home), try to arrange most of your sessions on the saturdays and sundays an…

Wyoming Hotel for sale
February 20, 2013

Wyoming Hotel for sale…

[...]Sites of interest we’ve a link to[...]…

compare insurance quotes
February 20, 2013

compare insurance quotes…

When I initially commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get three emails with the same comment. Is there any way you can remove people from that service? Cheers!…

i7 desktops
February 20, 2013

i7 desktops…

Hiya, I am really glad I have found this info. Today bloggers publish just about gossips and internet and this is actually irritating. A good blog with exciting content, this is what I need. Thank you for keeping this website, I will be visiting it. Do…

property managment in detroit
February 20, 2013

property managment in detroit…

[...]always a massive fan of linking to bloggers that I like but don’t get a great deal of link love from[...]…

Auto Auction Orlando
February 21, 2013

Auto Auction Orlando…

[...]always a huge fan of linking to bloggers that I enjoy but do not get a good deal of link really like from[...]…

rattenmann
February 21, 2013

rattenmann…

[...]please visit the internet sites we comply with, which includes this one particular, because it represents our picks from the web[...]…

teacher absence insurance
February 21, 2013

teacher absence insurance…

We absolutely love your blog and find the majority of your post’s to be just what I’m looking for. Does one offer guest writers to write content to suit your needs? I wouldn’t mind producing a post or elaborating on most of the subjects you write in…

cold sore remedies
February 21, 2013

cold sore remedies…

[...]below you will discover the link to some web pages that we think you ought to visit[...]…

pain on leg
February 21, 2013

pain on leg…

I’d must test with you here. Which isn’t something I usually do! I get pleasure from reading a submit that will make folks think. Additionally, thanks for allowing me to remark!…

Storage Building Cost
February 21, 2013

Storage Building Cost…

[...]Here are some of the web-sites we suggest for our visitors[...]…

jobs at home
February 21, 2013

jobs at home…

Great write-up, I am normal visitor of one’s site, maintain up the nice operate, and It’s going to be a regular visitor for a lengthy time….

SFP
February 22, 2013

SFP…

[...]The info talked about in the report are several of the top obtainable [...]…

mesothelioma compensation
February 22, 2013

mesothelioma compensation…

[...]one of our guests recently proposed the following website[...]…

AARRA Shop
February 22, 2013

AARRA Shop…

[...]check below, are some completely unrelated internet sites to ours, having said that, they’re most trustworthy sources that we use[...]…

Socorro Hotel near Bosque Del Apache…

you’re in reality a excellent webmaster. The website loading pace is amazing. It kind of feels that you’re doing any unique trick. In addition, The contents are masterpiece. you have done a magnificent task on this topic!…

synteco sorocaba
February 22, 2013

synteco sorocaba…

[...]Every after inside a though we pick blogs that we read. Listed beneath would be the newest websites that we choose [...]…

Most Ridiculous Lawsuits
February 22, 2013

Most Ridiculous Lawsuits…

[...]Sites of interest we’ve a link to[...]…

devize lucrari
February 22, 2013

devize lucrari…

[...]here are some links to web-sites that we link to since we believe they’re really worth visiting[...]…

Recepty pro každého!
February 22, 2013

Recepty pro každého!…

[...]Here is a superb Blog You might Come across Interesting that we Encourage You[...]…

webdesigner
February 22, 2013

webdesigner…

Hey There. I found your blog using msn. This is a very well written article. I’ll be sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly comeback….

contabilidade sorocaba
February 22, 2013

contabilidade sorocaba…

[...]please check out the web sites we follow, including this 1, because it represents our picks through the web[...]…

nettoyage causeuse
February 23, 2013

nettoyage causeuse…

[...]that may be the end of this write-up. Here you’ll come across some web pages that we believe you will appreciate, just click the hyperlinks over[...]…

annonces pour achat immobilier
February 23, 2013

annonces pour achat immobilier…

[...]The facts talked about in the report are a number of the most beneficial out there [...]…

Mortgage Lending
February 23, 2013

Mortgage Lending…

[...]please pay a visit to the internet sites we follow, like this one particular, because it represents our picks through the web[...]…

Német nyelvtanfolyam tanfolyam…

With havin so much content do you ever run into any problems of plagorism or copyright infringement? My website has a lot of unique content I’ve either authored myself or outsourced but it appears a lot of it is popping it up all over the web without …

tours are fun
February 23, 2013

tours are fun…

[...]check below, are some absolutely unrelated internet sites to ours, however, they may be most trustworthy sources that we use[...]…

learn spanish
February 23, 2013

learn spanish…

[...]the time to study or go to the material or internet sites we’ve linked to beneath the[...]…

Carter Hargrave
February 23, 2013

Carter Hargrave…

[...]always a huge fan of linking to bloggers that I adore but don’t get a whole lot of link adore from[...]…

egg whites international
February 23, 2013

egg whites international…

[...]please go to the sites we adhere to, which includes this one, as it represents our picks through the web[...]…

moving for less
February 23, 2013

moving for less…

Hello. fantastic job. I did not anticipate this. This is a excellent story. Thanks!…

Gastronomie
February 23, 2013

Gastronomie…

[...]Sites of interest we have a link to[...]…

great stock pix
February 24, 2013

great stock pix…

[...]check beneath, are some absolutely unrelated internet websites to ours, however, they are most trustworthy sources that we use[...]…

ver tarot
February 24, 2013

ver tarot…

[...]Wonderful story, reckoned we could combine several unrelated data, nevertheless really worth taking a look, whoa did 1 master about Mid East has got much more problerms as well [...]…

watch out scam
February 24, 2013

watch out scam…

[...]we came across a cool website that you simply may well appreciate. Take a look if you want[...]…

solta kroatien
February 24, 2013

solta kroatien…

Hi there are using WordPress for your site platform? I’m new to the blog world but I’m trying to get started and create my own. Do you require any html coding expertise to make your own blog? Any help would be greatly appreciated!…

tablet PC sales
February 24, 2013

tablet PC sales…

[...]very few sites that happen to be in depth below, from our point of view are undoubtedly properly worth checking out[...]…

visit our site
February 24, 2013

visit our site…

[...]the time to study or pay a visit to the content material or internet sites we have linked to beneath the[...]…

private tutor nyc
February 24, 2013

private tutor nyc…

[...]Sites of interest we’ve a link to[...]…

skin care san diego
February 24, 2013

skin care san diego…

Hello! I just wish to give a huge thumbs up for the good information you might have here on this post. I might be coming back to your blog for more soon….

Grupo Inventia
February 24, 2013

Grupo Inventia…

[...]below you’ll uncover the link to some web sites that we consider you’ll want to visit[...]…

marketing
February 24, 2013

marketing…

[...]just beneath, are a lot of totally not associated web pages to ours, nonetheless, they may be surely really worth going over[...]…

click this link
February 24, 2013

click this link…

[...]Sites of interest we’ve a link to[...]…

make money on internet
February 24, 2013

make money on internet…

[...]one of our guests not long ago advised the following website[...]…

sc lottery pick 3
February 24, 2013

sc lottery pick 3…

[...]The details talked about inside the article are some of the best accessible [...]…

friv
February 25, 2013

friv…

[...]below you’ll discover the link to some web sites that we feel you ought to visit[...]…

dentista cuiaba
February 25, 2013

dentista cuiaba…

[...]The info mentioned inside the article are several of the most effective obtainable [...]…

Pradeep Pachai
February 25, 2013

Pradeep Pachai…

[...]the time to read or visit the content material or websites we have linked to below the[...]…

best way to make money
February 25, 2013

best way to make money…

[...]Here is a good Weblog You may Come across Exciting that we Encourage You[...]…

Love in Kuwait
February 25, 2013

Love in Kuwait…

[...]that will be the finish of this report. Right here you will locate some internet sites that we assume you’ll value, just click the links over[...]…

Minneapolis replacement windows…

[...]we prefer to honor quite a few other online web pages around the internet, even though they aren’t linked to us, by linking to them. Under are some webpages worth checking out[...]…

colonie de vacances
February 25, 2013

colonie de vacances…

[...]Here is an excellent Weblog You may Come across Exciting that we Encourage You[...]…

business loan
February 25, 2013

business loan…

[...]although internet websites we backlink to beneath are considerably not connected to ours, we feel they may be really worth a go through, so have a look[...]…

Ford Focus Logo
February 25, 2013

Ford Focus Logo…

[...]Every when in a even though we select blogs that we read. Listed beneath would be the most up-to-date websites that we choose [...]…

cloruro magnesio propiedades curativas…

[...]The info talked about within the article are some of the most beneficial out there [...]…

Rally Drivers Names
February 25, 2013

Rally Drivers Names…

[...]Wonderful story, reckoned we could combine some unrelated information, nevertheless genuinely really worth taking a appear, whoa did one particular study about Mid East has got additional problerms at the same time [...]…

google apps android
February 25, 2013

google apps android…

[...]one of our visitors not too long ago recommended the following website[...]…

gay chat
February 25, 2013

gay chat…

We’re a bunch of volunteers and opening a brand new scheme in our community. Your website offered us with helpful info to work on. You have performed an impressive process and our whole community will be grateful to you….

divorce Minnesota
February 25, 2013

divorce Minnesota…

There are some interesting points in time in this article however I don’t know if I see all of them heart to heart. There may be some validity but I’ll take hold opinion till I look into it further. Good article , thanks and we would like more! Added …

medical marketing
February 25, 2013

medical marketing…

[...]that could be the end of this report. Here you’ll uncover some sites that we believe you will appreciate, just click the hyperlinks over[...]…

internet marketing
February 25, 2013

internet marketing…

[...]we came across a cool internet site that you just might appreciate. Take a look when you want[...]…

Law Firms Minnesota
February 25, 2013

Law Firms Minnesota…

Thanks for your article on this blog. From my very own experience, periodically softening right up a photograph could possibly provide the photographer with a chunk of an inspired flare. More often than not however, this soft cloud isn’t just what exa…

Stickers for Girls
February 25, 2013

Stickers for Girls…

[...]usually posts some incredibly interesting stuff like this. If you’re new to this site[...]…

web building
February 25, 2013

web building…

[...]Every once inside a even though we pick out blogs that we read. Listed below are the most up-to-date web pages that we select [...]…

Google Places
February 26, 2013

Google Places…

[...]The facts mentioned in the report are some of the very best readily available [...]…

gold chart
February 26, 2013

gold chart…

I have learned some important things through your blog post. One other point I would like to talk about is that there are plenty of games on the market designed mainly for preschool age youngsters. They include things like pattern acceptance, colors, c…

hair salons Bloomington IN
February 26, 2013

hair salons Bloomington IN…

[...]we came across a cool internet site that you could possibly take pleasure in. Take a appear should you want[...]…

Mikhail Chernyshov
February 26, 2013

Mikhail Chernyshov…

You made some good points there. I did a search on the matter and found mainly people will consent with your blog….

cloud hosting providers
February 26, 2013

cloud hosting providers…

[...]we came across a cool web-site that you simply could possibly love. Take a search when you want[...]…

Nissan Navara Roof Bar Decals
February 26, 2013

Nissan Navara Roof Bar Decals…

[...]The details mentioned within the article are several of the ideal accessible [...]…

gutters Tampa FL
February 26, 2013

gutters Tampa FL…

I love what you guys tend to be up too. This sort of clever work and coverage! Keep up the awesome works guys I’ve you guys to our blogroll….

Lifestyle
February 26, 2013

Lifestyle…

[...]Wonderful story, reckoned we could combine a number of unrelated information, nevertheless really worth taking a search, whoa did one learn about Mid East has got much more problerms too [...]…

High Definition Pictures
February 26, 2013

High Definition Pictures…

I must convey my respect for your kindness in support of individuals that require assistance with in this niche. Your real dedication to passing the solution all through had become extremely beneficial and has really enabled guys and women like me to a…

411 pain
February 26, 2013

411 pain…

[...]here are some links to websites that we link to simply because we feel they may be really worth visiting[...]…

Knight Elite orc Assault Free Online…

Thanks for giving your ideas. One thing is that pupils have an alternative between government student loan and a private student loan where it can be easier to select student loan online debt consolidation than over the federal education loan….

billabong boarding shorts sale
February 26, 2013

billabong boarding shorts sale…

[...]please stop by the web sites we follow, like this a single, because it represents our picks in the web[...]…

pneuventil pneumeřič duše
February 26, 2013

pneuventil pneumeřič duše…

[...]we came across a cool web-site that you just might appreciate. Take a search for those who want[...]…

Rally Window Stickers
February 26, 2013

Rally Window Stickers…

[...]although websites we backlink to below are considerably not associated to ours, we really feel they are actually worth a go by means of, so possess a look[...]…

what is seo
February 26, 2013

what is seo…

[...]here are some hyperlinks to internet sites that we link to because we believe they may be really worth visiting[...]…

Presseportal
February 26, 2013

Presseportal…

[...]Wonderful story, reckoned we could combine some unrelated information, nonetheless really worth taking a look, whoa did one study about Mid East has got more problerms too [...]…

photo ID Century City
February 26, 2013

photo ID Century City…

[...]Here is a good Weblog You may Come across Intriguing that we Encourage You[...]…

Kansas City web Design
February 26, 2013

Kansas City web Design…

[...]Here is a great Weblog You may Find Intriguing that we Encourage You[...]…

angličtina brno
February 26, 2013

angličtina brno…

[...]although sites we backlink to below are considerably not connected to ours, we feel they are truly really worth a go via, so have a look[...]…

elektronické cigarety
February 26, 2013

elektronické cigarety…

[...]Sites of interest we have a link to[...]…

purificadoras de agua
February 26, 2013

purificadoras de agua…

Good day I am so grateful I found your blog, I really found you by error, while I was researching on Bing for something else, Anyways I am here now and would just like to say many thanks for a marvelous post and a all round entertaining blog (I also lo…

Tough Mudder Electric Shocks Sydney…

[...]the time to read or check out the subject material or websites we’ve linked to beneath the[...]…

cosplay costumes
February 27, 2013

cosplay costumes…

[...]the time to study or take a look at the content or sites we have linked to beneath the[...]…

aluminium sand blasting machine…

Hello! Do you know if they make any plugins to safeguard against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?…

scania lorry graphics
February 27, 2013

scania lorry graphics…

[...]Sites of interest we’ve a link to[...]…

lace front wigs for black women…

[...]very couple of internet websites that come about to be in depth below, from our point of view are undoubtedly effectively worth checking out[...]…

notebooku
February 27, 2013

notebooku…

[...]please take a look at the internet sites we adhere to, such as this one, because it represents our picks through the web[...]…

epxbody
February 27, 2013

epxbody…

You are a very clever individual!…

Capital Funding Hard Money
February 27, 2013

Capital Funding Hard Money…

[...]Here are several of the websites we suggest for our visitors[...]…

water damage repair
February 27, 2013

water damage repair…

[...]The information and facts mentioned inside the post are a few of the most beneficial available [...]…

videography geelong
February 27, 2013

videography geelong…

[...]check beneath, are some completely unrelated web sites to ours, even so, they are most trustworthy sources that we use[...]…

Acer laptop screen
February 27, 2013

Acer laptop screen…

Hi, i think that i saw you visited my weblog thus i came to “return the desire”.I’m attempting to in finding issues to enhance my site!I guess its ok to use some of your ideas!!…

windows software download
February 27, 2013

windows software download…

[...]The information and facts mentioned inside the report are some of the most beneficial accessible [...]…

delage corvette
February 27, 2013

delage corvette…

[...]Wonderful story, reckoned we could combine a handful of unrelated data, nonetheless actually really worth taking a look, whoa did a single understand about Mid East has got extra problerms as well [...]…

bestquotes save up to 500$ on car ensurance…

[...]just beneath, are many completely not related websites to ours, even so, they may be surely really worth going over[...]…

make money
February 27, 2013

make money…

[...]always a big fan of linking to bloggers that I enjoy but really don’t get a lot of link like from[...]…

raynauds
February 27, 2013

raynauds…

[...]we came across a cool web site that you just may possibly delight in. Take a appear in case you want[...]…

pet boarding gainesville tx
February 27, 2013

pet boarding gainesville tx…

[...]Here are a few of the web-sites we advocate for our visitors[...]…

enemy nations guide
February 27, 2013

enemy nations guide…

[...]the time to study or stop by the material or web-sites we have linked to below the[...]…

cheap lace front wigs
February 27, 2013

cheap lace front wigs…

[...]although internet sites we backlink to below are considerably not associated to ours, we really feel they may be really really worth a go through, so possess a look[...]…

newegg price drop alerts
February 27, 2013

newegg price drop alerts…

Howdy! I know this is kind of off topic but I was wondering if you knew where I could locate a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!…

90 days
February 27, 2013

90 days…

[...]we like to honor many other web web pages on the web, even though they aren’t linked to us, by linking to them. Underneath are some webpages worth checking out[...]…

Hidden Job Market
February 27, 2013

Hidden Job Market…

[...]Here is an excellent Blog You might Come across Exciting that we Encourage You[...]…

dog boarding ardmore ok
February 28, 2013

dog boarding ardmore ok…

[...]here are some links to sites that we link to simply because we believe they may be worth visiting[...]…

logo design
February 28, 2013

logo design…

[...]Here is a superb Blog You might Uncover Exciting that we Encourage You[...]…

lingerie
February 28, 2013

lingerie…

I loved as much as you will receive performed right here. The caricature is tasteful, your authored material stylish. however, you command get bought an impatience over that you wish be handing over the following. in poor health no doubt come further i…

Mike Dillard
February 28, 2013

Mike Dillard…

[...]that will be the end of this report. Here you will discover some web-sites that we consider you’ll appreciate, just click the hyperlinks over[...]…

půjčovna dodávek minibusů a užitkových vozidel….

[...]Here is a superb Weblog You might Obtain Exciting that we Encourage You[...]…

fake oakley sunglasses
February 28, 2013

fake oakley sunglasses…

[...]we came across a cool internet site that you just may possibly appreciate. Take a appear in case you want[...]…

fashion
February 28, 2013

fashion…

[...]please pay a visit to the web-sites we adhere to, which includes this a single, as it represents our picks through the web[...]…

best diet plan for weight loss
February 28, 2013

best diet plan for weight loss…

[...]check below, are some entirely unrelated internet websites to ours, having said that, they may be most trustworthy sources that we use[...]…

Human Hair Wigs
February 28, 2013

Human Hair Wigs…

[...]Sites of interest we’ve a link to[...]…

fat loss
February 28, 2013

fat loss…

[...]Wonderful story, reckoned we could combine some unrelated information, nevertheless seriously worth taking a appear, whoa did 1 master about Mid East has got extra problerms too [...]…

Poker Strategy
February 28, 2013

Poker Strategy…

Great beat ! I wish to apprentice while you amend your site, how could i subscribe for a blog website? The account helped me a applicable deal. I were tiny bit familiar of this your broadcast provided vibrant transparent idea…

women hair wigs
February 28, 2013

women hair wigs…

[...]always a big fan of linking to bloggers that I enjoy but do not get a lot of link appreciate from[...]…

mobile marketing
February 28, 2013

mobile marketing…

[...]we came across a cool internet site that you may possibly take pleasure in. Take a appear in the event you want[...]…

nike free 3 womens
March 1, 2013

nike free 3 womens…

Wow, amazing blog layout! How long have you been blogging for? you made blogging look easy. The overall look of your site is wonderful, let alone the content!…

top fat burning foods for men…

[...]Sites of interest we have a link to[...]…

web design advice
March 1, 2013

web design advice…

I have learned new things through your blog post. Also a thing to I have recognized is that in many instances, FSBO sellers may reject you actually. Remember, they’d prefer to never use your products and services. But if an individual maintain a relia…

social bookmarking
March 1, 2013

social bookmarking…

[...]Here are a few of the internet sites we advise for our visitors[...]…

San Francisco Computer Store…

[...]usually posts some very exciting stuff like this. If you are new to this site[...]…

dating tips
March 1, 2013

dating tips…

[...]Here is a superb Weblog You might Uncover Fascinating that we Encourage You[...]…

oxyelite
March 1, 2013

oxyelite…

[...]just beneath, are quite a few entirely not related web-sites to ours, even so, they are certainly worth going over[...]…

social media
March 1, 2013

social media…

[...]just beneath, are quite a few absolutely not connected web sites to ours, however, they are certainly worth going over[...]…

what is the best way to lose weight…

[...]here are some links to websites that we link to since we assume they are really worth visiting[...]…

Robert Peric
March 1, 2013

Robert Peric…

My brother suggested I might like this website. He was totally right. This post actually made my day. You can not imagine just how much time I had spent for this information! Thanks!…

salsa
March 1, 2013

salsa…

[...]Wonderful story, reckoned we could combine a number of unrelated data, nonetheless definitely really worth taking a look, whoa did a single study about Mid East has got far more problerms as well [...]…

BP oil spill claims
March 1, 2013

BP oil spill claims…

Hi there would you mind stating which blog platform you’re using? I’m looking to start my own blog in the near future but I’m having a tough time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your…

gold buyers
March 1, 2013

gold buyers…

[...]please stop by the web pages we follow, which includes this 1, as it represents our picks in the web[...]…

Keynote Photography
March 1, 2013

Keynote Photography…

[...]we came across a cool website that you could enjoy. Take a appear for those who want[...]…

Adelaide Website
March 1, 2013

Adelaide Website…

[...]Here is an excellent Weblog You might Obtain Interesting that we Encourage You[...]…

top supplement
March 1, 2013

top supplement…

[...]please pay a visit to the websites we adhere to, including this one, as it represents our picks through the web[...]…

dugi guide
March 1, 2013

dugi guide…

[...]very couple of websites that come about to be comprehensive below, from our point of view are undoubtedly properly worth checking out[...]…

bucuo
March 1, 2013

bucuo…

Heya i’m for the first time here. I came across this board and I find It truly useful & it helped me out a lot. I hope to give something back and help others like you helped me….

anti aging serum
March 1, 2013

anti aging serum…

[...]we came across a cool web-site that you simply may well delight in. Take a look in the event you want[...]…

Vending Locator
March 2, 2013

Vending Locator…

[...]we came across a cool web site that you just may possibly appreciate. Take a search should you want[...]…

sal
March 2, 2013

sal…

[...]the time to read or visit the content or web pages we have linked to beneath the[...]…

Das beste Potenzmittel
March 2, 2013

Das beste Potenzmittel…

Thanks for the guidelines shared on the blog. Something else I would like to express is that losing weight is not information about going on a fad diet and trying to get rid of as much weight as you’re able in a couple of days. The most effective way …

buy twitter followers
March 2, 2013

buy twitter followers…

[...]below you’ll uncover the link to some websites that we believe you’ll want to visit[...]…

market research panels
March 2, 2013

market research panels…

[...]The information and facts talked about inside the post are some of the very best readily available [...]…

xelerated guides
March 2, 2013

xelerated guides…

[...]just beneath, are various absolutely not connected sites to ours, even so, they are surely worth going over[...]…

Robert Peric
March 2, 2013

Robert Peric…

Thanks a lot for sharing this with all people you really understand what you are speaking approximately! Bookmarked. Please also talk over with my site =). We may have a hyperlink alternate arrangement between us!…

electric skateboards
March 2, 2013

electric skateboards…

[...]Wonderful story, reckoned we could combine some unrelated data, nonetheless truly really worth taking a search, whoa did one learn about Mid East has got extra problerms at the same time [...]…

carpet cleaning
March 2, 2013

carpet cleaning…

[...]Sites of interest we’ve a link to[...]…

raw c
March 2, 2013

raw c…

[...]usually posts some pretty interesting stuff like this. If you are new to this site[...]…

how to get free cell phone service…

[...]The information talked about within the post are some of the best accessible [...]…

Hillview Peak Brochure
March 2, 2013

Hillview Peak Brochure…

Excellent site. Lots of helpful information here. I’m sending it to some pals ans additionally sharing in delicious. And naturally, thank you on your effort!…

On-line cz skateshop
March 2, 2013

On-line cz skateshop…

Thank you for this article. I might also like to state that it can possibly be hard when you are in school and merely starting out to create a long credit standing. There are many college students who are simply just trying to make it through and have …

cottage garden
March 2, 2013

cottage garden…

[...]Every as soon as in a whilst we decide on blogs that we study. Listed beneath are the most up-to-date web-sites that we choose [...]…

kosmetika
March 2, 2013

kosmetika…

It’s appropriate time to make some plans for the longer term and it is time to be happy. I have read this submit and if I could I desire to recommend you some fascinating issues or advice. Perhaps you can write subsequent articles regarding this artic…

family lawyer houston
March 2, 2013

family lawyer houston…

[...]The data mentioned within the report are several of the most beneficial accessible [...]…

conveyor
March 2, 2013

conveyor…

[...]just beneath, are several totally not connected web-sites to ours, nevertheless, they are certainly worth going over[...]…

Fair Oaks realtor
March 2, 2013

Fair Oaks realtor…

[...]the time to read or stop by the subject material or web sites we have linked to beneath the[...]…

sell my own house
March 3, 2013

sell my own house…

you’ve got an incredible weblog here! would you like to make some invite posts on my weblog?…

japanese butler cafes video…

[...]Sites of interest we’ve a link to[...]…

exterior doors
March 3, 2013

exterior doors…

[...]Sites of interest we’ve a link to[...]…

http://www.interwebzcollection.wordpress.com/

Good day! This is my first visit to your blog! We are a team of volunteers and starting a new initiative in a community in the same niche. Your blog provided us useful information to work on. You have done a extraordinary job!…

Zig Ziglar
March 3, 2013

Zig Ziglar…

[...]here are some links to web sites that we link to mainly because we assume they are worth visiting[...]…

hand bags fund raising companies…

[...]Here is a superb Blog You might Find Interesting that we Encourage You[...]…

What does hmu mean
March 3, 2013

What does hmu mean…

[...]always a significant fan of linking to bloggers that I adore but do not get a great deal of link really like from[...]…

nasil yakisikli olunur
March 3, 2013

nasil yakisikli olunur…

[...]always a large fan of linking to bloggers that I really like but really don’t get quite a bit of link like from[...]…

yorkshire photographers
March 3, 2013

yorkshire photographers…

I’ve been surfing on-line greater than 3 hours lately, yet I never found any attention-grabbing article like yours. It is beautiful worth enough for me. Personally, if all web owners and bloggers made just right content as you probably did, the web wi…

Android Reviews
March 3, 2013

Android Reviews…

[...]always a significant fan of linking to bloggers that I like but don’t get quite a bit of link appreciate from[...]…

bachelor degree in singapore…

[...]we like to honor quite a few other internet sites on the internet, even when they aren’t linked to us, by linking to them. Under are some webpages really worth checking out[...]…

dress
March 3, 2013

dress…

[...]the time to study or take a look at the subject material or web sites we’ve linked to below the[...]…

Computer Support Companies in Orlando Florida…

[...]Every when in a while we decide on blogs that we study. Listed below would be the most recent web pages that we decide on [...]…

Neill Marangi
March 3, 2013

Neill Marangi…

[...]below you’ll discover the link to some web sites that we assume you ought to visit[...]…

Dlouhé porno free ke zhlédnutí…

[...]although internet websites we backlink to below are considerably not associated to ours, we feel they may be essentially really worth a go by, so possess a look[...]…

education entrepreneurship…

[...]check beneath, are some entirely unrelated web-sites to ours, having said that, they’re most trustworthy sources that we use[...]…

Landlord Insurance San Diego…

[...]we prefer to honor many other internet web sites on the web, even if they aren’t linked to us, by linking to them. Beneath are some webpages really worth checking out[...]…

scary maze game 3
March 4, 2013

scary maze game 3…

[...]The data mentioned in the post are a few of the most beneficial readily available [...]…

scary games
March 4, 2013

scary games…

Wow! Thank you! I always wanted to write on my blog something like that. Can I implement a portion of your post to my blog?…

yournetbiz scam
March 4, 2013

yournetbiz scam…

[...]we prefer to honor quite a few other web web pages around the internet, even if they aren’t linked to us, by linking to them. Beneath are some webpages worth checking out[...]…

pepperfry discount coupons…

[...]very couple of internet sites that happen to become in depth below, from our point of view are undoubtedly effectively really worth checking out[...]…

britannia hotel manchester…

Can I just say what a aid to search out someone who really knows what theyre talking about on the internet. You undoubtedly know easy methods to convey an issue to gentle and make it important. Extra individuals have to read this and perceive this side…

champaign il estate buyer…

[...]the time to study or take a look at the content or sites we have linked to beneath the[...]…

springfield il estate buyer…

[...]usually posts some incredibly intriguing stuff like this. If you’re new to this site[...]…

antique buyers springfield il…

[...]usually posts some incredibly interesting stuff like this. If you are new to this site[...]…

Legal moneylenders
March 4, 2013

Legal moneylenders…

[...]very handful of web-sites that happen to become comprehensive below, from our point of view are undoubtedly nicely really worth checking out[...]…

game
March 4, 2013

game…

[...]very couple of web-sites that come about to become in depth below, from our point of view are undoubtedly well really worth checking out[...]…

motorhome insurance comparison…

[...]Wonderful story, reckoned we could combine several unrelated data, nonetheless definitely really worth taking a look, whoa did one study about Mid East has got more problerms also [...]…

dress
March 4, 2013

dress…

you are in point of fact a just right webmaster. The site loading speed is incredible. It kind of feels that you are doing any unique trick. Also, The contents are masterpiece. you’ve performed a great task in this matter!…

antiques decatur illinois…

[...]we came across a cool web page that you may possibly love. Take a appear should you want[...]…

decatur il estate buyer
March 4, 2013

decatur il estate buyer…

[...]one of our guests not long ago proposed the following website[...]…

make your own house music…

Thanks for another wonderful article. Where else could anyone get that type of information in such an ideal way of writing? I’ve a presentation next week, and I’m on the look for such info….

Haraj
March 4, 2013

Haraj…

Howdy are using WordPress for your blog platform? I’m new to the blog world but I’m trying to get started and create my own. Do you need any coding knowledge to make your own blog? Any help would be greatly appreciated!…

torch lighters for cigars…

[...]Here is an excellent Weblog You might Find Exciting that we Encourage You[...]…

Hi
March 4, 2013

Hi…

[...]one of our guests a short while ago recommended the following website[...]…

bartley ridge
March 5, 2013

bartley ridge…

[...]Wonderful story, reckoned we could combine several unrelated data, nevertheless really worth taking a look, whoa did 1 understand about Mid East has got far more problerms too [...]…

Winnipeg SEO
March 5, 2013

Winnipeg SEO…

[...]Wonderful story, reckoned we could combine a handful of unrelated data, nonetheless truly really worth taking a look, whoa did a single discover about Mid East has got extra problerms as well [...]…

Frank-Michael Preuss
March 5, 2013

Frank-Michael Preuss…

[...]we like to honor a lot of other online sites around the web, even though they aren?t linked to us, by linking to them. Below are some webpages really worth checking out[...]…

mmoga discount
March 5, 2013

mmoga discount…

[...]always a significant fan of linking to bloggers that I really like but don’t get a whole lot of link like from[...]…

Internet Marketing Blog
March 5, 2013

Internet Marketing Blog…

[...]Sites of interest we have a link to[...]…

check it out
March 5, 2013

check it out…

[...]Here is a superb Blog You might Come across Interesting that we Encourage You[...]…

champaign il estate buyers…

[...]one of our visitors recently advised the following website[...]…

mobile app development companies…

[...]the time to study or visit the subject material or internet sites we’ve linked to below the[...]…

electrician apprenticeship seattle…

Pretty section of content. I just stumbled upon your web site and in accession capital to assert that I acquire actually enjoyed account your blog posts. Any way I will be subscribing to your augment and even I achievement you access consistently quick…

new music 2013
March 5, 2013

new music 2013…

[...]below you will find the link to some sites that we believe you need to visit[...]…

prilosec
March 5, 2013

prilosec…

[...]please pay a visit to the internet sites we adhere to, which includes this one particular, as it represents our picks from the web[...]…

replacement windows vancouver…

[...]although web-sites we backlink to beneath are considerably not related to ours, we really feel they may be basically really worth a go by way of, so possess a look[...]…

antiques champaign il
March 5, 2013

antiques champaign il…

[...]usually posts some pretty fascinating stuff like this. If you’re new to this site[...]…

seattle electrician
March 5, 2013

seattle electrician…

Another thing I’ve really noticed is always that for many people, poor credit is the results of circumstances above their control. For instance they may happen to be saddled through an illness so that they have higher bills going to collections. It wo…

vancouver replacement windows…

[...]very few sites that transpire to be in depth below, from our point of view are undoubtedly very well really worth checking out[...]…

injury lawyers WA
March 6, 2013

injury lawyers WA…

[...]that is the finish of this write-up. Right here you’ll find some web-sites that we feel you will enjoy, just click the hyperlinks over[...]…

vitamin d deficiency symptoms…

[...]just beneath, are various entirely not associated web-sites to ours, nonetheless, they may be surely really worth going over[...]…

3 mobile
March 6, 2013

3 mobile…

[...]Here is a good Blog You may Come across Intriguing that we Encourage You[...]…

Quickest Way To Lose Weight…

[...]just beneath, are numerous absolutely not associated internet sites to ours, nevertheless, they’re certainly worth going over[...]…

new song 2013
March 6, 2013

new song 2013…

I as well as my pals were actually looking through the best tricks located on the website and so suddenly got a terrible feeling I never thanked the blog owner for them. My boys had been happy to learn all of them and already have really been enjoying …

herni hosting
March 6, 2013

herni hosting…

I have observed that costs for online degree gurus tend to be a fantastic value. For instance a full 4-year college Degree in Communication from The University of Phoenix Online consists of 60 credits from $515/credit or $30,900. Also American Intercon…

How to start a record label…

[...]we like to honor quite a few other net internet sites around the web, even if they aren’t linked to us, by linking to them. Below are some webpages really worth checking out[...]…

mobile phone
March 6, 2013

mobile phone…

[...]Here is a great Blog You might Find Intriguing that we Encourage You[...]…

injury attorney Seattle WA…

[...]that will be the end of this write-up. Here you’ll find some web-sites that we assume you’ll appreciate, just click the hyperlinks over[...]…

inchirieri vase
March 6, 2013

inchirieri vase…

[...]below you will come across the link to some internet sites that we feel you must visit[...]…

Neutral Nappy Cakes
March 6, 2013

Neutral Nappy Cakes…

[...]that will be the finish of this write-up. Right here you’ll come across some web sites that we think you’ll enjoy, just click the hyperlinks over[...]…

buy viagra
March 6, 2013

buy viagra…

[...]Wonderful story, reckoned we could combine a couple of unrelated data, nonetheless definitely worth taking a search, whoa did one particular discover about Mid East has got much more problerms also [...]…

how can I get out of debts?…

[...]always a massive fan of linking to bloggers that I adore but do not get a good deal of link love from[...]…

best supplements
March 6, 2013

best supplements…

[...]just beneath, are a lot of entirely not related websites to ours, even so, they are certainly really worth going over[...]…

how do I get a pension?
March 6, 2013

how do I get a pension?…

[...]check below, are some absolutely unrelated internet websites to ours, however, they may be most trustworthy sources that we use[...]…

http://my.opera.com/juveniletraditi21/blog/2013/03/05/work-place-conflict?firstpost=Y

[...]here are some links to web pages that we link to mainly because we assume they’re really worth visiting[...]…

krmiva pro Vaše miláčky…

I’m truly enjoying the design and layout of your website. It’s a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme? Outstanding work!…

Which Life Insurance
March 6, 2013

Which Life Insurance…

Hello my friend! I wish to say that this article is amazing, nice written and include approximately all important infos. I’d like to see more posts like this….

top weight loss supplements…

[...]the time to study or go to the content or internet sites we’ve linked to beneath the[...]…

https://www.blogher.com/node/add/blog

[...]usually posts some very fascinating stuff like this. If you’re new to this site[...]…

online slots uk
March 7, 2013

online slots uk…

[...]Sites of interest we have a link to[...]…

Email marketing
March 7, 2013

Email marketing…

Hi there! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having trouble finding one? Thanks a lot!…

Snag Job
March 7, 2013

Snag Job…

[...]here are some links to internet sites that we link to mainly because we think they are worth visiting[...]…

包茎手術 大阪
March 7, 2013

包茎手術 大阪…

[...]usually posts some pretty intriguing stuff like this. If you are new to this site[...]…

Best anti aging cream
March 7, 2013

Best anti aging cream…

[...]very couple of internet sites that happen to become detailed below, from our point of view are undoubtedly effectively worth checking out[...]…

Книга по праву на тему “Жертвоприношение …

Simply want to say your article is as astonishing. The clarity for your submit is simply nice and that i could think you are a professional on this subject. Fine with your permission allow me to seize your feed to keep up to date with approaching post….

news
March 7, 2013

news…

[...]we prefer to honor many other internet websites on the net, even though they aren’t linked to us, by linking to them. Underneath are some webpages really worth checking out[...]…

salsa
March 7, 2013

salsa…

[...]here are some links to web pages that we link to because we consider they are worth visiting[...]…

geneve
March 7, 2013

geneve…

[...]The data talked about inside the article are several of the top obtainable [...]…

how to lose weight naturally and fast…

[...]Wonderful story, reckoned we could combine a couple of unrelated information, nevertheless actually worth taking a search, whoa did one discover about Mid East has got extra problerms at the same time [...]…

http://classyending7471.sosblogs.com/The-first-blog-b1/work-place-conflict-b1-p3.htm

[...]just beneath, are numerous absolutely not related internet sites to ours, however, they may be certainly worth going over[...]…

best yoga teacher training course…

[...]please pay a visit to the websites we comply with, like this 1, because it represents our picks through the web[...]…

Hair Extensions Brighton
March 7, 2013

Hair Extensions Brighton…

Can I simply say what a reduction to seek out someone who actually is aware of what theyre speaking about on the internet. You positively know how to deliver a problem to mild and make it important. More individuals have to learn this and perceive this…

earn money online
March 7, 2013

earn money online…

[...]Here are some of the web-sites we suggest for our visitors[...]…

buying youtube views
March 7, 2013

buying youtube views…

[...]Here are a number of the internet sites we recommend for our visitors[...]…

ian grabiner
March 8, 2013

ian grabiner…

[...]always a massive fan of linking to bloggers that I love but do not get a lot of link like from[...]…

payday loans
March 8, 2013

payday loans…

Thanks for your post. One other thing is that if you are advertising your property all on your own, one of the problems you need to be alert to upfront is just how to deal with property inspection reviews. As a FSBO seller, the key to successfully movi…

Blue Hawaiian Helicopters kona…

[...]Every as soon as inside a while we choose blogs that we read. Listed below would be the latest sites that we decide on [...]…

thiet ke logo
March 8, 2013

thiet ke logo…

[...]Wonderful story, reckoned we could combine several unrelated information, nonetheless actually worth taking a look, whoa did a single understand about Mid East has got extra problerms as well [...]…

SEO Packages
March 8, 2013

SEO Packages…

This really answered my problem, thanks!…

website source
March 8, 2013

website source…

[...]although web sites we backlink to beneath are considerably not associated to ours, we feel they’re truly worth a go by means of, so have a look[...]…

jual jasa backlink
March 8, 2013

jual jasa backlink…

[...]we prefer to honor quite a few other internet websites on the net, even though they aren’t linked to us, by linking to them. Beneath are some webpages really worth checking out[...]…

Alternative education
March 8, 2013

Alternative education…

[...]the time to read or go to the material or sites we’ve linked to beneath the[...]…

Job Security
March 8, 2013

Job Security…

[...]Sites of interest we have a link to[...]…

uppingham school
March 8, 2013

uppingham school…

[...]Every the moment in a whilst we decide on blogs that we study. Listed below would be the most up-to-date web sites that we pick out [...]…

free membership for xbox live…

[...]Wonderful story, reckoned we could combine a few unrelated data, nonetheless really really worth taking a search, whoa did one master about Mid East has got far more problerms also [...]…

fillerbehandling i stockholm…

hello!,I like your writing so much! share we communicate more about your post on AOL? I need an expert on this area to solve my problem. Maybe that’s you! Looking forward to see you….

personal trainers in dc
March 8, 2013

personal trainers in dc…

[...]although internet websites we backlink to below are considerably not associated to ours, we really feel they are essentially worth a go by, so have a look[...]…

hawaiian helicopters ride…

[...]Wonderful story, reckoned we could combine a couple of unrelated information, nonetheless genuinely really worth taking a appear, whoa did 1 learn about Mid East has got more problerms also [...]…

cause of ringing in ears
March 8, 2013

cause of ringing in ears…

[...]here are some hyperlinks to web pages that we link to because we believe they may be worth visiting[...]…

more info
March 8, 2013

more info…

[...]one of our guests recently recommended the following website[...]…

Timeshare
March 8, 2013

Timeshare…

[...]Here are several of the web-sites we advise for our visitors[...]…

how to save money
March 8, 2013

how to save money…

I was more than happy to seek out this net-site.I wished to thanks on your time for this glorious learn!! I definitely having fun with each little bit of it and I’ve you bookmarked to take a look at new stuff you weblog post….

Haraj Cars
March 8, 2013

Haraj Cars…

[...]one of our guests a short while ago recommended the following website[...]…

blue hawaiian helicopters…

Thanks for expressing your ideas right here. The other element is that whenever a problem arises with a pc motherboard, people should not take the risk involving repairing this themselves for if it is not done correctly it can lead to irreparable damag…

frank kern scam
March 9, 2013

frank kern scam…

[...]The information and facts mentioned inside the post are some of the ideal readily available [...]…

http://willingfascist927.wordpress.com/2013/03/09/office-place/

[...]below you’ll uncover the link to some web sites that we feel you ought to visit[...]…

http://willingfascist927.blog.com/2013/03/09/office-place/

[...]although websites we backlink to below are considerably not associated to ours, we really feel they’re in fact really worth a go by way of, so possess a look[...]…

Werbung
March 9, 2013

Werbung…

[...]Here are several of the web pages we advise for our visitors[...]…

hawaiian helicopters ride…

I would like to thnkx for the efforts you have put in writing this site. I am hoping the same high-grade blog post from you in the upcoming also. In fact your creative writing skills has inspired me to get my own web site now. Actually the blogging is …

best online slots
March 9, 2013

best online slots…

[...]here are some links to web pages that we link to simply because we assume they’re really worth visiting[...]…

dejtingsajt
March 9, 2013

dejtingsajt…

[...]Sites of interest we’ve a link to[...]…

Davenport FL homes for sale…

[...]The details talked about inside the post are some of the best readily available [...]…

bonds man
March 9, 2013

bonds man…

[...]Wonderful story, reckoned we could combine a number of unrelated data, nonetheless really worth taking a search, whoa did 1 understand about Mid East has got extra problerms as well [...]…

jeremy madvin
March 9, 2013

jeremy madvin…

[...]just beneath, are several completely not related web sites to ours, nonetheless, they’re surely really worth going over[...]…

abc blinds
March 9, 2013

abc blinds…

[...]The info talked about inside the report are a few of the most effective out there [...]…

…Links…

[...]Wow, fantastic weblog structure! How lengthy have you ever been running a blog for?[...]…

bail bondsman
March 9, 2013

bail bondsman…

[...]The data mentioned within the report are several of the very best out there [...]…

webhosting, www stranky, seo servis, flash…

webhosting, www stranky, seo servis, flash…

HVAC Heating Air
March 9, 2013

HVAC Heating Air…

[...]Here is a good Blog You may Find Exciting that we Encourage You[...]…

Vše pro malé závodníky!…

Vše pro malé závodníky!…

article marketing
March 9, 2013

article marketing…

Valuable info. Lucky me I found your web site by accident, and I am shocked why this accident did not happened earlier! I bookmarked it….

Online Marketing Augusta
March 9, 2013

Online Marketing Augusta…

Today, I went to the beach front with my children. I found a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She put the shell to her ear and screamed. There was a hermit crab inside and …

betsoft slots online
March 9, 2013

betsoft slots online…

[...]we prefer to honor quite a few other online websites around the internet, even though they aren’t linked to us, by linking to them. Below are some webpages really worth checking out[...]…

Suzuki Jeeps for Sale
March 9, 2013

Suzuki Jeeps for Sale…

[...]The details talked about in the post are a few of the most effective available [...]…

HP-01
March 9, 2013

HP-01…

[...]Sites of interest we’ve a link to[...]…

online gambling
March 9, 2013

online gambling…

[...]below you will uncover the link to some web-sites that we think it is best to visit[...]…

diploma in business uptrend college…

[...]although sites we backlink to beneath are considerably not associated to ours, we really feel they’re in fact really worth a go by, so have a look[...]…

simarc
March 9, 2013

simarc…

[...]The information talked about inside the report are a number of the best readily available [...]…

article marketing
March 9, 2013

article marketing…

One thing I have actually noticed is the fact that there are plenty of fallacies regarding the financial institutions intentions while talking about foreclosure. One fantasy in particular is that often the bank wishes to have your house. The financial …

san antonio bail bonds
March 10, 2013

san antonio bail bonds…

[...]Here are a number of the sites we advise for our visitors[...]…

mafia2 multiplayer server m2mp…

mafia2 multiplayer server m2mp…

Slevový kupón
March 10, 2013

Slevový kupón…

Slevový kupón…

article marketing
March 10, 2013

article marketing…

I appreciate, cause I found exactly what I was looking for. You’ve ended my 4 day long hunt! God Bless you man. Have a nice day. Bye…

Augusta Web Sites
March 10, 2013

Augusta Web Sites…

I have been exploring for a bit for any high-quality articles or blog posts on this sort of area . Exploring in Yahoo I at last stumbled upon this web site. Reading this information So i am happy to convey that I’ve a very good uncanny feeling I disco…

Cheap Used HD Projectors
March 10, 2013

Cheap Used HD Projectors…

[...]the time to study or go to the material or web pages we’ve linked to below the[...]…

multiple symptom checker
March 10, 2013

multiple symptom checker…

[...]the time to read or visit the subject material or web pages we’ve linked to beneath the[...]…

forums
March 10, 2013

forums…

[...]Here are a number of the internet sites we advise for our visitors[...]…

http://www.twitter.com/PedroTheActor

[...]below you’ll discover the link to some web pages that we assume you’ll want to visit[...]…

ladbrookes free bet
March 10, 2013

ladbrookes free bet…

[...]very few internet websites that come about to become in depth below, from our point of view are undoubtedly properly worth checking out[...]…

Pimp C
March 10, 2013

Pimp C…

[...]check below, are some totally unrelated web-sites to ours, even so, they’re most trustworthy sources that we use[...]…

RP Generator
March 10, 2013

RP Generator…

[...]Sites of interest we’ve a link to[...]…

bad credit pay day loans
March 10, 2013

bad credit pay day loans…

[...]although internet websites we backlink to beneath are considerably not related to ours, we feel they’re essentially worth a go by means of, so possess a look[...]…

asbestos management kent
March 10, 2013

asbestos management kent…

[...]Here is a great Weblog You may Come across Exciting that we Encourage You[...]…

Used HP Indigo
March 10, 2013

Used HP Indigo…

[...]Wonderful story, reckoned we could combine a number of unrelated information, nonetheless definitely worth taking a appear, whoa did one particular master about Mid East has got additional problerms also [...]…

baby cloth
March 10, 2013

baby cloth…

[...]very few web-sites that come about to become detailed beneath, from our point of view are undoubtedly well worth checking out[...]…

article marketing
March 10, 2013

article marketing…

I have discovered some significant things through your blog post post. One other thing I would like to mention is that there are many games out there designed mainly for preschool age young children. They contain pattern acceptance, colors, pets, and f…

http://quaintroad4569.wordpress.com/2013/03/09/advantages/

[...]please take a look at the web-sites we adhere to, like this a single, as it represents our picks from the web[...]…

simarc
March 10, 2013

simarc…

[...]The details talked about within the write-up are some of the most effective available [...]…

article marketing
March 10, 2013

article marketing…

Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You clearly know what youre talking about, why waste your intelligence on just posting videos to your site when you could be giving us someth…

contract lawyer
March 10, 2013

contract lawyer…

I was just searching for this information for a while. After six hours of continuous Googleing, finally I got it in your site. I wonder what is the lack of Google strategy that don’t rank this kind of informative sites in top of the list. Normally the…

Women's French Connection
March 11, 2013

Women’s French Connection…

[...]usually posts some incredibly fascinating stuff like this. If you’re new to this site[...]…

uk pay day loans
March 11, 2013

uk pay day loans…

[...]Wonderful story, reckoned we could combine a number of unrelated information, nevertheless seriously really worth taking a appear, whoa did 1 learn about Mid East has got a lot more problerms as well [...]…

dildos
March 11, 2013

dildos…

Heya this is kind of of off topic but I was wondering if blogs use WYSIWYG editors or if you have to manually code with HTML. I’m starting a blog soon but have no coding skills so I wanted to get advice from someone with experience. Any help would be …

elderly housing
March 11, 2013

elderly housing…

[...]Every once inside a whilst we decide on blogs that we study. Listed beneath are the most recent sites that we opt for [...]…

MCA SCAM
March 11, 2013

MCA SCAM…

[...]The details mentioned in the post are some of the most beneficial out there [...]…

Eonshenton
March 11, 2013

Eonshenton…

[...]we prefer to honor a lot of other world wide web websites on the web, even when they aren’t linked to us, by linking to them. Underneath are some webpages worth checking out[...]…

lose fat fast
March 11, 2013

lose fat fast…

[...]the time to read or visit the content or web pages we’ve linked to beneath the[...]…

catholic jobs
March 11, 2013

catholic jobs…

[...]the time to read or pay a visit to the content material or sites we’ve linked to beneath the[...]…

lesbian love
March 11, 2013

lesbian love…

I wanted to compose you the little bit of remark to be able to say thanks over again just for the lovely secrets you’ve featured at this time. It is certainly seriously generous of people like you to deliver freely what exactly many people might have …

Autoservis, pneuservis – Bystřice u Benešova….

Autoservis, pneuservis – Bystřice u Benešova….

cheap Ralph Lauren polo shirts…

[...]Here is a great Weblog You might Find Intriguing that we Encourage You[...]…

Antony Morato clothing
March 11, 2013

Antony Morato clothing…

[...]very handful of web-sites that take place to become detailed beneath, from our point of view are undoubtedly properly really worth checking out[...]…

hostgator commissions
March 11, 2013

hostgator commissions…

[...]Wonderful story, reckoned we could combine a couple of unrelated information, nonetheless definitely worth taking a search, whoa did a single learn about Mid East has got more problerms as well [...]…

kennel gainesville tx
March 11, 2013

kennel gainesville tx…

Hi, Neat post. There is a problem with your website in internet explorer, would test this… IE still is the market leader and a big portion of people will miss your excellent writing due to this problem….

Brautkleider
March 11, 2013

Brautkleider…

[...]we came across a cool web page that you may get pleasure from. Take a appear in the event you want[...]…

one month loan
March 11, 2013

one month loan…

[...]please check out the websites we stick to, such as this one particular, as it represents our picks through the web[...]…

full article
March 11, 2013

full article…

you will have a fantastic blog here! would you prefer to make some invite posts on my blog?…

pregnancy skincare
March 11, 2013

pregnancy skincare…

[...]usually posts some incredibly exciting stuff like this. If you are new to this site[...]…

swim toys
March 11, 2013

swim toys…

Thanks for your write-up on the vacation industry. I might also like contribute that if you are one senior thinking of traveling, its absolutely crucial to buy travel insurance for older persons. When traveling, retirees are at high risk being in need …

hanfsamen geschält
March 11, 2013

hanfsamen geschält…

[...]the time to read or go to the content material or internet sites we have linked to beneath the[...]…

Ralph Lauren pas cher
March 11, 2013

Ralph Lauren pas cher…

[...]Wonderful story, reckoned we could combine a handful of unrelated information, nevertheless really really worth taking a search, whoa did a single find out about Mid East has got a lot more problerms also [...]…

créer une facture
March 12, 2013

créer une facture…

[...]we came across a cool web-site that you could possibly love. Take a appear in the event you want[...]…

Ralph Lauren Camisas
March 12, 2013

Ralph Lauren Camisas…

[...]always a major fan of linking to bloggers that I love but do not get quite a bit of link like from[...]…

Google
March 12, 2013

Google…

just beneath, are quite a few completely not related web sites to ours, nonetheless, they are certainly really worth going over…

Seattle Events Calendar
March 12, 2013

Seattle Events Calendar…

Whats up very cool website!! Man .. Beautiful .. Amazing .. I’ll bookmark your blog and take the feeds additionally…I’m happy to find a lot of helpful info here in the publish, we’d like work out extra techniques on this regard, thank you for sharin…

african mango reviews
March 12, 2013

african mango reviews…

[...]very couple of web sites that occur to be in depth below, from our point of view are undoubtedly nicely really worth checking out[...]…

paydayloan
March 12, 2013

paydayloan…

[...]The info mentioned in the report are some of the very best readily available [...]…

online payday loans
March 12, 2013

online payday loans…

[...]just beneath, are numerous absolutely not related web-sites to ours, however, they’re surely really worth going over[...]…

Cestovní,pojištění,Nový Zeland,levně…

Cestovní,pojištění,Nový Zeland,levně…

click here
March 12, 2013

click here…

Hello there, You’ve done an excellent job. I will definitely digg it and in my view suggest to my friends. I’m confident they’ll be benefited from this website….

Branding
March 13, 2013

Branding…

[...]Here are a number of the web pages we advocate for our visitors[...]…

one month loan
March 13, 2013

one month loan…

[...]one of our visitors lately proposed the following website[...]…

http://www.dailystrength.org/people/2704966/journal

[...]one of our visitors not too long ago encouraged the following website[...]…

north carolina
March 13, 2013

north carolina…

[...]here are some hyperlinks to internet sites that we link to simply because we believe they’re really worth visiting[...]…

football jerseys wholesale…

[...]Wonderful story, reckoned we could combine some unrelated information, nonetheless definitely worth taking a look, whoa did a single master about Mid East has got a lot more problerms as well [...]…

seo nj
March 13, 2013

seo nj…

Yet another issue is that video gaming has become one of the all-time most significant forms of recreation for people spanning various ages. Kids play video games, and also adults do, too. Your XBox 360 is amongst the favorite gaming systems for those …

here you will find out
March 13, 2013

here you will find out…

[...]Sites of interest we have a link to[...]…

hypnose montreux
March 13, 2013

hypnose montreux…

[...]below you will find the link to some web sites that we think it is best to visit[...]…

hypnose lausanne
March 13, 2013

hypnose lausanne…

[...]below you’ll come across the link to some internet sites that we assume you need to visit[...]…

paydayloan
March 13, 2013

paydayloan…

[...]we came across a cool web-site that you might enjoy. Take a look in the event you want[...]…

Secured loans UK
March 13, 2013

Secured loans UK…

[...]Sites of interest we have a link to[...]…

gangnam style
March 13, 2013

gangnam style…

[...]Wonderful story, reckoned we could combine a couple of unrelated data, nonetheless definitely really worth taking a appear, whoa did a single learn about Mid East has got more problerms as well [...]…

perfumes
March 14, 2013

perfumes…

[...]Every when in a when we opt for blogs that we read. Listed below are the latest web sites that we opt for [...]…

dieet
March 14, 2013

dieet…

[...]Every once inside a when we pick blogs that we read. Listed beneath are the latest sites that we pick [...]…

nike free 4.0 sales
March 14, 2013

nike free 4.0 sales…

I’m not sure where you are getting your information, but great topic. I needs to spend some time learning much more or understanding more. Thanks for wonderful information I was looking for this information for my mission….

round photo frames
March 14, 2013

round photo frames…

[...]Here is a great Weblog You may Locate Exciting that we Encourage You[...]…

how to make money on youtube…

[...]check beneath, are some entirely unrelated internet websites to ours, however, they are most trustworthy sources that we use[...]…

touch panel
March 14, 2013

touch panel…

Simply desire to say your article is as astonishing. The clearness in your post is simply cool and i could assume you are an expert on this subject. Fine with your permission let me to grab your feed to keep updated with forthcoming post. Thanks a mill…

hypnosis
March 14, 2013

hypnosis…

Simply desire to say your article is as astonishing. The clearness in your post is simply cool and i can assume you’re an expert on this subject. Fine with your permission allow me to grab your feed to keep updated with forthcoming post. Thanks a mill…

Castelli
March 14, 2013

Castelli…

[...]check beneath, are some completely unrelated sites to ours, even so, they are most trustworthy sources that we use[...]…

iraqi dinar
March 14, 2013

iraqi dinar…

[...]please visit the web sites we comply with, like this one particular, as it represents our picks through the web[...]…

Adriano Zumbo Balmain
March 14, 2013

Adriano Zumbo Balmain…

Thanks for your recommendations on this blog. 1 thing I wish to say is the fact purchasing gadgets items from the Internet is certainly not new. In truth, in the past several years alone, the market for online electronic products has grown a great deal…

Guarana,Stimulanty,léčivé bylinky,Afrodiziaka…

Guarana,Stimulanty,léčivé bylinky,Afrodiziaka…

heating
March 14, 2013

heating…

[...]Here are several of the websites we suggest for our visitors[...]…

Erotické pomůcky
March 14, 2013

Guarana,Stimulanty,léčivé bylinky,Afrodiziaka…

Guarana,Stimulanty,léčivé bylinky,Afrodiziaka…

pure leverage scam
March 14, 2013

pure leverage scam…

[...]one of our guests just lately proposed the following website[...]…

masser prostate
March 14, 2013

masser prostate…

[...]Here is an excellent Weblog You may Obtain Intriguing that we Encourage You[...]…

best way to lose weight
March 14, 2013

best way to lose weight…

[...]very few internet sites that take place to be in depth beneath, from our point of view are undoubtedly effectively worth checking out[...]…

escort london
March 14, 2013

escort london…

I’m still learning from you, as I’m making my way to the top as well. I definitely liked reading all that is written on your site.Keep the information coming. I liked it!…

boot camp at home workout
March 14, 2013

boot camp at home workout…

[...]Here is a superb Blog You might Obtain Exciting that we Encourage You[...]…

push present
March 14, 2013

push present…

I’ve come across that these days, more and more people are being attracted to camcorders and the industry of pictures. However, as a photographer, you need to first invest so much time deciding the exact model of photographic camera to buy in addition…

Empower network scam
March 14, 2013

Empower network scam…

[...]here are some links to web sites that we link to due to the fact we assume they may be really worth visiting[...]…

cours à distance
March 14, 2013

cours à distance…

[...]The data talked about inside the report are a few of the most beneficial out there [...]…

background checks uk
March 14, 2013

background checks uk…

One more issue is video games usually are serious anyway with the main focus on finding out rather than leisure. Although, there is an entertainment part to keep your children engaged, each game is normally designed to develop a specific skill set or c…

free home workout routines…

[...]one of our visitors just lately encouraged the following website[...]…

College Job
March 15, 2013

College Job…

I have been surfing online more than 3 hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. In my view, if all web owners and bloggers made good content as you did, the web will be much more useful than e…

Safari
March 15, 2013

Safari…

[...]we like to honor lots of other internet websites around the internet, even when they aren’t linked to us, by linking to them. Under are some webpages worth checking out[...]…

locksmith in singapore
March 15, 2013

locksmith in singapore…

[...]always a significant fan of linking to bloggers that I appreciate but really don’t get a lot of link adore from[...]…

Tablet PC Versus Laptop
March 15, 2013

Tablet PC Versus Laptop…

[...]check below, are some completely unrelated sites to ours, having said that, they are most trustworthy sources that we use[...]…

العاب سيارات
March 15, 2013

العاب سيارات…

Excellent goods from you, man. I have understand your stuff previous to and you are just extremely fantastic. I actually like what you have acquired here, really like what you are stating and the way in which you say it. You make it entertaining and yo…

leviev
March 15, 2013

leviev…

[...]that will be the end of this write-up. Here you will locate some websites that we consider you will enjoy, just click the links over[...]…

airconrepair.com.sg
March 15, 2013

airconrepair.com.sg…

[...]one of our visitors lately recommended the following website[...]…

http://www.911paydayloans.co.uk/

[...]please go to the sites we comply with, including this a single, as it represents our picks from the web[...]…

http://obliqueinteriors.com/

[...]that may be the end of this article. Here you’ll come across some web pages that we feel you will appreciate, just click the links over[...]…

best home workouts for men…

[...]that is the finish of this post. Here you’ll come across some sites that we consider you’ll appreciate, just click the hyperlinks over[...]…

home workout routines
March 15, 2013

home workout routines…

[...]although websites we backlink to below are considerably not related to ours, we really feel they’re really really worth a go as a result of, so possess a look[...]…

Cheap Flyers
March 15, 2013

Cheap Flyers…

[...]just beneath, are numerous totally not connected sites to ours, however, they’re certainly really worth going over[...]…

rouletteace.co
March 15, 2013

rouletteace.co…

[...]usually posts some extremely exciting stuff like this. If you’re new to this site[...]…

la prescription du docteur…

[...]here are some hyperlinks to web pages that we link to since we assume they may be worth visiting[...]…

hdfc loans
March 15, 2013

hdfc loans…

[...]please stop by the web pages we follow, including this one, as it represents our picks in the web[...]…

Florist In Essex
March 15, 2013

Florist In Essex…

[...]usually posts some extremely intriguing stuff like this. If you are new to this site[...]…

Adult Martial Arts
March 15, 2013

Adult Martial Arts…

[...]we like to honor a lot of other net websites on the net, even when they aren’t linked to us, by linking to them. Beneath are some webpages worth checking out[...]…

houston jobs
March 16, 2013

houston jobs…

[...]Wonderful story, reckoned we could combine a number of unrelated information, nevertheless actually really worth taking a appear, whoa did a single study about Mid East has got much more problerms too [...]…

Kostenlose Pressemitteilung veröffentlichen…

[...]below you’ll discover the link to some sites that we feel it is best to visit[...]…

Erotické pomůcky
March 16, 2013

Erotické pomůcky…

Erotické pomůcky…

Turisticka chalupa na Slovensku…

Turisticka chalupa na Slovensku…

xenical 120 mg prix
March 16, 2013

xenical 120 mg prix…

I found your blog website on google and check a few of your early posts. Proceed to keep up the superb operate. I simply extra up your RSS feed to my MSN News Reader. Looking for forward to reading extra from you later on!……

Rizikové kácení stromů…

Rizikové kácení stromů…

payday loan online
March 16, 2013

Find out more on Payday Loans British isles…

Important things about Online Payday loan Correctly…

ASSET PROTECTION STRUCTURE FOR BUSINESSES…

[...]we like to honor numerous other world-wide-web web pages on the web, even when they aren’t linked to us, by linking to them. Beneath are some webpages really worth checking out[...]…

Florbal, florbalové vybavení, florbalové hokejky, floorball…

Florbal, florbalové vybavení, florbalové hokejky, floorball…

zprostředkování práce
March 16, 2013

zprostředkování práce…

zprostředkování práce…

http://www.youtube.com/watch?v=jznEpq_dLbA

[...]Wonderful story, reckoned we could combine a couple of unrelated data, nonetheless actually really worth taking a search, whoa did a single master about Mid East has got additional problerms too [...]…

classes
March 16, 2013

classes…

I simply wanted to compose a simple remark to be able to express gratitude to you for those pleasant concepts you are giving out on this website. My particularly long internet look up has at the end been paid with good quality knowledge to share with m…

click the following page
March 16, 2013

click the following page…

[...]that may be the end of this report. Right here you’ll come across some websites that we assume you’ll value, just click the hyperlinks over[...]…

trockene augenlider
March 16, 2013

trockene augenlider…

[...]Here are a few of the internet sites we recommend for our visitors[...]…

Professional Social Network…

[...]Here is a superb Blog You might Locate Intriguing that we Encourage You[...]…

Technology
March 16, 2013

Technology…

[...]please take a look at the internet sites we adhere to, including this one particular, because it represents our picks from the web[...]…

lesbian fiction
March 16, 2013

lesbian fiction…

[...]usually posts some really exciting stuff like this. If you’re new to this site[...]…

outlets online
March 16, 2013

outlets online…

I like the valuable information you provide in your articles. I will bookmark your weblog and check again here frequently. I’m quite certain I will learn a lot of new stuff right here! Good luck for the next!…

Дипломная работа по истории на тем