Dropbox password debacle underscores importance of data encryption
A code update over the weekend inadvertently broke the password authentication component of Dropbox, a popular cloud storage service. For about four hours on Sunday, this error allowed users to log into any Dropbox account with erroneous passwords--or with no password at all.
Reacting quickly, Dropbox founder Arash Ferdowsi corrected the bug and proceeded to notify users whose accounts were logged into during the period. Probably seeking to reassure users, Ferdowsi wrote: "We discovered this at 5:41 pm and a fix was live at 5:46 pm." This was of little help to users, though, and his blog entry has generated over 600 comments, many of them critical and downright angry. Others have expressed disappointment.
This incident comes on the heels of allegations that Dropbox misled users about its data security, which culminated in the filing of an FTC complaint last month. However you look at it, this debacle can only be described as a heavy blow to the reputation of the company.
What other security problems are there?
There is no denying the severity of the mistake, and the swiftness of the fix appeared to indicate that it was a simple programming error. As some observers pointed out, however, the fact that such an elementary error took place at all points toward inadequate testing prior to upgrades.
While some like R. Chase Razabdouski from the Examiner have argued that the Dropbox security issues are sensationalized, the truth is that the security breaches were only made public by chance. It is within the realm of possibility that the breach could have been discovered weeks later, or that Dropbox would have fixed it without notifying users.
Indeed, some paying Dropbox users have pointed out that they have received no formal notification from the company--but found out about the security lapse via other media outlets. With this in mind, my question is: Is there anything else pertaining to the security (or insecurity) of Dropbox that we don't yet know about?
Encrypt your data
Rather than see this incident as part of a "cloud is good" or "cloud is bad" debate, my personal opinion is that this little fiasco merely underscores the importance of data encryption. Businesses and users should take it upon themselves to protect sensitive data by means of data encryption; it would be downright foolish to upload important data to the cloud without first encrypting them.
How do you personally ensure that your data is kept secure? - Paul Mah (Twitter @paulmah)



