Dropbox Admits to a 'Web Vulnerability' Affecting Shared File Links

Advertisement
By Robin Sinha | Updated: 6 May 2014 18:51 IST

Dropbox has revealed a major loophole in its cloud service regarding document sharing and access by unintended users.

The firm has mentioned that the unintended users can access the documents from the shared file links that a Dropbox user shared with the intended recipient, if a certain set of actions occurs.

Advertisement

The firm explains the vulnerability opens up when a Dropbox user shares a link to a document that contains a hyperlink to a third-party website and the authorized recipient of the document clicks on the hyperlink in the document. Once clicked, the referrer header (designed to understand web traffic sources) reveals the original shared link to the third-party website enabling someone such as the webmaster of the third-party website to access the link to the shared document.

To curb the issue for the time being, Dropbox has taken numerous steps. For previously shared links to such documents, Dropbox has disabled access until further notice, and says it is working to restore links that aren't susceptible to this vulnerability "over the next few days."

Advertisement

In the meantime, as a workaround, Dropbox has allowed users to re-create any shared links that have been turned off by them. The company also said that for all shared links created going forward, it has patched the vulnerability. The Dropbox for Business users have the ability to restrict their shared file link access to people in their circle. Files with such access controls in place already are said to be safe.

Advertisement

"We realize that many of your workflows depend on shared links, and we apologize for the inconvenience. We'll continue working hard to make sure your stuff is safe and keep you updated on any new developments," mentioned the official blog post.

Additionally, Graham Cluley, security expert, adds in his blog that the same vulnerability can also affect the Box cloud service. "Many cloud data storage services provide users with a method to share links with others. For instance, when a user creates a shareable link on Dropbox or Box, anyone with that link can access the data. You don't even have to be a registered user of the service to access a shared link."

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Cloud Storage, Dropbox, Dropbox Flaw, Dropbox Link Sharing, Internet, Third Party Dropbox Access
NBA Launches Online Merchandise Store in India With Jabong
HTC Forecasts Return to Profitability on One (M8), Desire 816 Sales
Advertisement

Related Stories

WhatsApp Chat History and Media Backups on Android Will Soon Take Up Space on Google Account Storage
15 November 2023
Dropbox to Reduce Workforce by 16 Percent, Plans to Hire New Staff for AI Offerings
27 April 2023
Microsoft OneDrive Brings Basic Photo Editing Tools to Its Web, Android Apps to Rival Google Photos
23 June 2021
Three Free Google Photos Alternatives That You Can Try
11 June 2021
DigiBoxx, an Indian Cloud Storage Service With Affordable Pricing, Launched by NITI Aayog
22 December 2020
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Here's When the Realme P4 Power 5G Will Launch in India
  2. Vivo X200T With Zeiss Cameras to Launch in India on This Date
  3. Motorola Edge 70 Fusion Leak Reveals Full Specifications Ahead of Launch
  4. Redmi Note 15 Pro Series Might Launch in India With These Storage Options
  5. Google Pixel 10a Leak Suggests No Price Hike Over Pixel 9a
  6. New Dark Matter Simulation Could Change How Galaxies Are Thought to Evolve
  7. OnePlus 16 May Launch With These Display, Battery and Camera Upgrades
  8. Sony to Cede Control of Bravia TVs to China's TCL Electronics
  9. Bindiya Ke Bahubali Season 2 OTT Release Date: Know Everyting About Cast, Plot, and Mo
#Latest Stories
  1. Scientists Find Clue to High-Temperature Superconductivity in Quantum Materials
  2. New Dark Matter Simulation Could Change How Galaxies Are Thought to Evolve
  3. SpaceX Adds 29 More Starlink Satellites in Rapid Falcon 9 Launch From Florida
  4. Sony to Cede Control of Bravia TVs to China’s TCL Electronics
  5. Adobe Premiere Integrated With AI-Powered Firefly Platform; New After Effects Features Rolling Out
  6. Samsung Upgrades Bixby With Perplexity-Powered AI Features, Takes Page Out of Apple’s Playbook
  7. Google Reportedly Working On New Live Features and Agentic Mode for Gemini Assistant
  8. Redmi Note 15 Pro+, Redmi Note 15 Pro RAM and Storage Options, Key Specifications Leaked Ahead of India Launch
  9. Eddington Arrives on OTT: What You Need to Know About Joaquin Phoenix and Pedro Pascal Starrer Thriller
  10. Red Magic 11 Air Launched With Snapdragon 8 Elite, RedCore R4 Gaming Chip and 7,000mAh Battery
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.