[bigiain]

Yeah, that's good - but ~22hrs late.

I'm surprised (bordering on disappointed) that the initial response by the moderator Chris didn't trigger a Dropbox employee response almost immediately. Even given worst-case timing I'd expect a first thing next working day response in 16 hours - but for a potentially serious security related problem like this I really expected to see an immediate "Hey, thanks for the report - we're looking into this right now, can I contact you off-forum to get more details." from a Dropbox employee - preferably with an obviously security related job title.

I fully understand why Dropbox can't afford/justify providing high priority customer support to their free-tier customer base, but ignoring possible security breaches reported from the free-tier seems foolish, and allowing your crowd-sourced forum-based-customer-support to mishandle it like this is really sad.