Arash Ferdowsi n the Dropbox blog:
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.
This is a big deal and if you read through the comments on that post it is littered with pissed off customers, many claiming they won’t be using the service anymore. The smart move at this point is not to keep anything sensitive in Dropbox until Dropbox proves competent at security.
I have seen a few people worried about their 1Password data that they sync with Dropbox, it’s important to remember that 1Password data is encrypted before syncing. Meaning this data was still secure.
Dropbox, you can and need to do better.