According to InformationWeek, Drop box says only "a very small number of users (much less than 1 percent)" were affected. Once discovered, the flaw only took five minutes to fix, but as a precaution, all logged-in sessions were ended.
This isn't the first time Dropbox's security has come into question. In May, University of Indiana Ph.D. and security researcher Christopher Soghoian filed a complaint with the Federal Trade Commission, claiming that Dropbox has been misleading users about the security and privacy of their files. Soghoian takes issue with Dropbox's deduplication process, saying it makes it easy for outsiders to know what's on Dropbox's servers.