Dropbox advises of vulnerability that exposed shared links: SSO Alert Priority Moderate
9 May 2014
Cloud sharing and storage service Dropbox has advised its users of a vulnerability affecting users who share files containing hyperlinks.
The administrators of any website referenced by the hyperlink in the file are inadvertently also given access to the file—if the original intended recipient with whom you shared the file, clicks on the hyperlink.
Dropbox has advised it has not detected any access or abuse of this vulnerability, but it has taken steps to address it, including disabling links that you might have shared to documents that could have been affected.
Dropbox users may have noticed this affecting their access to shared files over recent days.
Dropbox has advised it is gradually re-enabling links to these files, pointing out that the same vulnerability could expose them again. If you wish to ensure they cannot be exposed you will need to recreate the link and re-share it to the recipient again.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.