[tlrobinson]

"a flaw in dropbox's password policy / authentication system to access the information"

What flaw? It sounds like a Dropbox employee was simply reusing a password stolen on another site.

[ewillbefull]

How is that not a flaw in the authentication system?

[skeletonjelly]

Using a key to open a door that was designed to be opened with that key is not a flaw in the lock mechanism. The fact that the user set that key to also open something else is not the fault of the former lock.

[ewillbefull]

This is not at all how security researchers think of it. Security vulnerabilities are very broad, they can be exploited through social engineering, through incompetent employees who do not have rigorous password standards, etc. If you narrow security vulnerabilities to coding mistakes, you're neglecting your customers.