This is yet another post in my ongoing campaign to let the world know about the criticality of software testing, especially “quality” testing that incorporates ISEB & ISTQB best practices. This time, one of my favorite services, Dropbox, basically dropped the ball!
Here’s what happened. The company pushed a code update that introduced a major authentication bug. Specifically, for almost 4 hours the defect caused the authentication mechanism to fail, which essentially allowed anyone to access anyone else’s account without the proper login credentials!
If you’ve never heard of Dropbox, it is a tool that allows you to “drop” your computer files into an icon on your desktop so that they can be stored / backed up on a remote server. Once the files are backed up, the user can log in to his/her account to access or share them as he/she sees fit. The company claims to have about 25 million users, and it is not a stretch to assume that a good percentage of them keep personally identifiable information and other sensitive data stored in their accounts. Yikes!
Although ‘only’ up to 1% of all user accounts were impacted, 1% of 25 million is still a whopping 250,000 people! I sure hope the company’s public relations staff is ready to engage in some heavy-duty damage control!
Although the issue has been resolved, you have to wonder how vulnerable a service like Dropbox is to future security breaches, whether caused by a bug or a hack. In this case, it is obvious that the company’s software testing efforts epically failed, and hence it is reasonable to assume that something like this will happen again sooner or later. I sincerely hope that Dropbox is now committed to better software testing, because if something like this ever does happen again due to their negligence, they’ll be looking at a mass exodus of users and a rapid erosion of their brand and reputation. Let’s hope that they now “get it”!