Yesterday DropBox made a code update at 1:54pm Pacific time that introduced a bug affecting the service's authentication mechanism. The company discovered this at 5:41pm and fixed it by 5:46pm. Dropbox said that "a very small number" of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password.As a precaution, the company ended all logged in sessions.

The bug would have allowed anyone to log into into someone else’s account simply by typing in their e-mail address.

Dropbox is conducting an investigation of related activity to understand whether any accounts were improperly accessed.