For the duration of the event described in the post on your blog on Sunday I'd like the time of login and IP address of any authenticated sessions during the window. I'd also like to understand why a post from one of your customers linked to via hacker news was the only notification I received as one of your paying customers. If you know which user accounts we logged into during the event it seems rather straight forward that you would notify those impacted. It seems clear that had a 3rd party not brought this to light you'd have felt it unnecessary to notify your customers.
As Requested, I received the response about an hour after I posted this/sent the email. Can't say the response is terribly reassuring, but I suppose if no authentications have happened I don't have to be concerned about THIS incident.
We're working around the clock to gather additional data. We will notify affected users if we detect any unusual logins or activity in their account. We are reviewing our logs that record password authentication events in accounts. We have not been able to detect any relevant account activity for your account during the time period in question, so we believe that your account was unaffected by the bug.
Dropbox Team,
For the duration of the event described in the post on your blog on Sunday I'd like the time of login and IP address of any authenticated sessions during the window. I'd also like to understand why a post from one of your customers linked to via hacker news was the only notification I received as one of your paying customers. If you know which user accounts we logged into during the event it seems rather straight forward that you would notify those impacted. It seems clear that had a 3rd party not brought this to light you'd have felt it unnecessary to notify your customers.
I look forward to your prompt response.