Critical Access Risk: Dropbox Authentication Token Leaks Account Data

Attackers able to get their hands on a Dropbox configuration file would be able to access and download any files a user synchronises through the service without betraying any signs of compromise, a security researcher has discovered. Derek Newton discovered that a Dropbox authentication token, stored in a config file of the Dropbox directory of a Windows PC, allows access to an associated account with the file-synchronisation service

The link for this article located at The Register UK is no longer available.