On Sunday, DropBox—a service that stores files for its more than 25 million users—experienced a security lapse in which anyone could log into the site without a correct password. The breach lasted four hours.
One day later, DropBox fessed up to the incident in a blog post. Good move, right? Not good enough—the company was scooped by the website PasteBin. TechCrunch picked up the report, followed by other blogs and news outlets.
Many users expressed frustration that they learned of the breach not from the company, but from blogs and even through Facebook updates.
One commenter to the DropBox blog said: