Dropbox has announced a patch to a vulnerability that allowed third parties to access links to documents you have shared with friends.
While they are working, Dropbox has disabled the link sharing feature temporarily and expects to see it back online in the coming days. The company insists that no one has lost any information.
While we’re unaware of any abuse of this vulnerability, for your safety we’ve taken the following steps to make sure this vulnerability can’t be exploited:
• For previously shared links to such documents, we’ve disabled access entirely until further notice. We’re working to restore links that aren’t susceptible to this vulnerability over the next few days.
• In the meantime, as a workaround, you can re-create any shared links that have been turned off.
• For all shared links created going forward, we’ve patched the vulnerability.
• Additionally, if you’re a Dropbox for Business customer, you have the option to restrict shared link access to people in your Dropbox for Business team. Links created with those access controls were not affected.