Jason Kincaid at AOL/TechCrunch:
First, the good news: the scale of the attack affected “fewer than a hundred accounts” out of Dropbox’s 25 million total users. But according to the letter, those accounts were all accessed by a single individual. In other words, these weren’t accidental logins due to typos — someone discovered the hole and actively used it to access files that were not theirs. That’s obviously very alarming.
A small number, thankfully, but still unsettling. Dropbox is starting to fall out of favor after this episode and the recent change in Dropbox’s terms of service. I’m not quite on the bandwagon yet – after all, I use Dropbox for convenience not security – but I am paying attention to some alternatives. See David Parry’s recent post Why I Might Be (although I would rather not be) Leaving Dropbox.