-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Astro File Manager overrides/ignores Dropbox passcode
- Thread starter jny2012
- Start date
Gekko
Android Expert
Astro Dropbox integration security hole
Dropbox integration security hole
John Pagakis
suggested this on September 08, 2012 02:22
Allow me to first go on record as saying I'm a long-time fan of Astro & I like the new interface.
That said, the integration with Dropbox, while impressive, has a rather large security hole.
I have my Dropbox account secured via numeric password (this is a feature in Dropbox that you can switch on; look in settings). I have it on for my Nexus 7 tablet as I have sensitive company data in the folder.
Every time I attempt to access Dropbox via their app I am prompted for that password.
When I associate Astro with my Dropbox account, it asks for that numeric password the first time and then never again. After that first time, I can access my Dropbox folder via Astro unchallenged.
Worse, once that persistent authentication is established, the only way I found to eliminate it is to uninstall and reinstall Astro.
If the password option is on, Astro should challenge me EVERY TIME I go to my Dropbox folder and there should be a way to disassociate my account from Astro.
Please fix this!
Dropbox integration security hole : ASTRO File Manager Support
Dropbox integration security hole
John Pagakis
suggested this on September 08, 2012 02:22
Allow me to first go on record as saying I'm a long-time fan of Astro & I like the new interface.
That said, the integration with Dropbox, while impressive, has a rather large security hole.
I have my Dropbox account secured via numeric password (this is a feature in Dropbox that you can switch on; look in settings). I have it on for my Nexus 7 tablet as I have sensitive company data in the folder.
Every time I attempt to access Dropbox via their app I am prompted for that password.
When I associate Astro with my Dropbox account, it asks for that numeric password the first time and then never again. After that first time, I can access my Dropbox folder via Astro unchallenged.
Worse, once that persistent authentication is established, the only way I found to eliminate it is to uninstall and reinstall Astro.
If the password option is on, Astro should challenge me EVERY TIME I go to my Dropbox folder and there should be a way to disassociate my account from Astro.
Please fix this!
Dropbox integration security hole : ASTRO File Manager Support
Wow... If Astro can't be bothered to fix this in almost 2 years, what else are they ignoring?
Gekko
Android Expert
Dropbox Hacked? Blames Third Party Apps For Breach
OCTOBER 14, 2014 BY ALEX HERNANDEZ
dropbox hacked Dropbox Hacked? Blames Third Party Apps For Breach
The Next Web is reporting (referencing a reddit post) that Dropbox is the latest victim of hackers who stole hundreds of usernames and passwords. Some of the data showed up in plain text on Pastebin from an anonymous user asking for Bitcoin donations to release the entire list. Some reddit users confirmed the account credentials worked and were legit logins.
The Next Web reached out to Dropbox for a statement and Dropbox responded by denying the service was hacked. Dropbox claims a third party service was hacked and the hackers stole logins from there to try and gain access to accounts on Dropbox.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Dropbox says they detected suspicious activity on the accounts months ago and performed password resets. Recently, Snapchat was also caught up in a squall over hacked data, like Dropbox they blamed third-party applications. Cloud services like these might start to rethink giving access to their API’s to third-party apps, as more users turn to third-party apps for features unavailable in the main app. For now, we recommend changing your Dropbox password as well as an third-party application passwords that might access your Dropbox account.
Source: TheNextWeb
OCTOBER 14, 2014 BY ALEX HERNANDEZ
dropbox hacked Dropbox Hacked? Blames Third Party Apps For Breach
The Next Web is reporting (referencing a reddit post) that Dropbox is the latest victim of hackers who stole hundreds of usernames and passwords. Some of the data showed up in plain text on Pastebin from an anonymous user asking for Bitcoin donations to release the entire list. Some reddit users confirmed the account credentials worked and were legit logins.
The Next Web reached out to Dropbox for a statement and Dropbox responded by denying the service was hacked. Dropbox claims a third party service was hacked and the hackers stole logins from there to try and gain access to accounts on Dropbox.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Dropbox says they detected suspicious activity on the accounts months ago and performed password resets. Recently, Snapchat was also caught up in a squall over hacked data, like Dropbox they blamed third-party applications. Cloud services like these might start to rethink giving access to their API’s to third-party apps, as more users turn to third-party apps for features unavailable in the main app. For now, we recommend changing your Dropbox password as well as an third-party application passwords that might access your Dropbox account.
Source: TheNextWeb