Attackers able to get their hands on a Dropbox configuration file would be able to access and download any files a user synchronises through the service without betraying any signs of compromise, a security researcher has discovered.
Derek Newton discovered that a Dropbox authentication token, stored in a config file of the Dropbox directory of a Windows PC, allows access to an associated account with the file-synchronisation service

The link for this article located at The Register UK is no longer available.