On June 19 the team at Dropbox made a big mistake. They pushed an update to the Dropbox cloud storage service that inadvertently meant you could log in to any of the 25 million+ Dropbox accounts using any password. It took the service 4 hours to realize, and only then because a concerned user contacted them to question an issue they had noticed at login.

In a blog post regarding the issue, Dropbox tried to downplay the problem, stating that only 1% of people were logged in at the time. They also logged everyone out as a precaution. Further work was done by Dropbox to see if any unauthorized access had been logged on their system. They discovered fewer than 100 people had been affected, and all users who were logged in during that four-hour period have been provided with activity details to ensure nothing suspicious happened.

While that response was the right thing to do, not everyone is happy with how Dropbox handled this security issue, and a class action lawsuit has been filed.

The lawsuit has been brought by Cristina Wong of Los Angeles and claims violation of the California Unfair Competition Law; it also claims invasion of privacy and negligence. Wong argues that Dropbox encourages users to store personal and sensitive information on the service, which it advertises as safer than alternative methods. She also says the first she heard about the security bug was through a news site rather than Dropbox itself.

In terms of Dropbox informing users there was an issue, Wong’s claim is backed up by the timing of the Dropbox blog post. We initially reported on the issue a few hours before Dropbox confirmed it. But they had known about it since the day before.

More at Consumeraffairs.com

Matthew’s Opinion

I think when reviewing what happened here you have to put the situation in perspective. Dropbox messed up by introducing a bug that posed a major security risk. The any-password problem was rectified 5 minutes after Dropbox discovered it, but unfortunately it had been active for four hours already.

Things that Dropbox did right include logging everyone out, sending affected users detailed logs, and tracking any activity for malicious behavior. The area where they fell down was not informing users immediately that an issue existed, instead waiting until the next day to do so.

This is not worthy of a class action lawsuit. It’s a reminder that Dropbox is still a young company finding its way with a clever service. I doubt we’ll see this happen again as measures will be taken to stop it. Yes, they messed up, but they also took appropriate action to ensure all accounts were safe.