Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you’re concerned about any activity that has occurred in your account, you can contact us at security@dropbox.com.

I'd like the full access logs, including timestamps and IP addresses of every time my account was accessed in this timeframe. I've written security@dropbox.com about this, and am waiting to hear back.



Asked the same. Quick response to be fair:

"I am unable to provide log data at this time.

We're working around the clock to gather additional data. We will notify affected users if we detect any unusual logins or activity in their account. We are reviewing our logs that record password authentication events in accounts.

We have not been able to detect any relevant account activity for your account during the time period in question, so we believe that your account was unaffected by the bug."


In fact, they should add this permanently to the UI, like Gmail.


They should. Could also do what Facebook (optionally) does: require you to send them a 4-digit code via your phone to allow access to any new unrecognized devices.


Agreed. Or a notification when a new device logs into your account, like Facebook does.


They should be going out of their way to retain these.


I don't understand why they are not assuming everyone is going to be concerned about activity in their account instead of saying "if you are". I would personally expect every customer to be provided with the relevant information proactively. Should it really be up to the user to go through the geebees of files in their account?


I've also emailed them and will be waiting to hear from them. This was a big breach of security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: