Security

Dropbox bug sends years-old deleted files back to user accounts

A recently discovered bug affecting cloud company Dropbox resulted in data that was supposedly deleted years ago being restored back to user accounts.

dropbox.jpg
Image: Dropbox

Some Dropbox users recently got quite the surprise when data they believed they had deleted off of the service years ago showed back up in their Dropbox account. The information surfaced in a Dropbox forum discussion between users and employees trying to get to the bottom of the issue.

The good news: Dropbox hasn't been hacked again. The bad news is that files originally thought to have been deleted as far back as 2009 were still on Dropbox servers, and popped back up in users' accounts.

According to the Dropbox Help Center, the company's current policy is to keep deleted files for 30 days, in case a user changes their mind, before they are purged for good. However, it seems that a bug was preventing this from happening, and had been for many years.

SEE: Cloud Data Storage Policy (Tech Pro Research)

So, what exactly happened? According to Dropbox employee Ross S., who posted to the forum on Thursday, the company was in the process of addressing and fixing the bug when they "inadvertently restored the impacted files and folders to those users' accounts." Ross went on to note that it was the company's mistake, and there was no third party involved.

What's also interesting is that, further in Ross's post, he noted that Dropbox will permanently remove files and folders from the server within 60 days of their deletion, not the 30 day window mentioned on the help page. The reason the deleted files in question showed back up was due to "metadata inconsistencies," according to Ross's post.

At this point, the metadata bug has been fixed, so users should be able to delete the restored files and folders, without the risk of them coming back, the post noted. User quotas won't be affected by the restored files, and Ross also noted that Dropbox is "continuing to explore alternative solutions," and will update users in the forum itself.

The bug initially raised concerns among users of a possible attack on the site, as Dropbox experienced a massive hack in the past that left 68 million passwords compromised. Regardless, the bug itself raised some privacy concerns among users in the forum, leading user grilopedro to write: "The problem now is quite simple: HOW CAN WE TRUST DROPBOX EVER AGAIN?"

The 3 big takeaways for TechRepublic readers

  1. A recent Dropbox bug caused deleted files from as early as 2009 to show back up in user accounts.
  2. The bug was being addressed by Dropbox when the company accidentally sent the files back to the users, the company stated in a forum post response.
  3. Dropbox's official policy is to permanently purge deleted files from its servers 30 days after the user has deleted them.

Also see

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox