by nomurrcy 5470 days ago
I received the following from Dropbox late last night:

We are writing to let you know that there was some activity in your Dropbox account that we'd like you to review. On June 19, 2011, there was a brief bug with our authentication system that could have allowed unauthorized access to accounts. You can read more about it at our blog post linked here.

Based on a careful review of our records, we noticed that your account settings page was accessed during the time the bug was in effect. While it's unlikely, we'd like to be cautious and make sure this was you because if the activity was unauthorized, the information in your account could have been improperly accessed. Please review recent activity in your account, which you can view at http://www.dropbox.com/events, and let us know if you find anything suspicious.

We noticed that during the time the bug was in effect you also:

Logged into the Dropbox website

Linked the desktop application to your Dropbox

As a precautionary measure, we logged you out of the website and disabled any apps.

We are very sorry and this should never have happened. We are scrutinizing our controls and will be implementing additional safeguards to prevent this from happening again. If you're not able to access your account or have any other questions or concerns, please contact us at support@dropbox.com.

I don't know what else they are supposed to do. They should have never screwed this up to begin with, but granted that they did, I think they've responded just fine.

IMHO, all the moaning about how they've handled this is just a bunch of baloney. If a company spokesperson speaks out of both sides of their mouth, people cry for honesty. When a company is blunt and honest, they need to hire a PR person. I wonder how many people on these threads are 'PR' people.

1 comment

You've created a false dichotomy here. You don't need PR to have empathy or accountability – just a sense of humility. You can still be completely blunt. If the blog post had ended with:

"We fucked up. Not cool. We're going to work hard to prevent these things in the future and earn your trust."

Then the tone of the response would have been very different. That email was pretty good – they should have said something closer to that in their blog, too.