
Not that it would really change anything, but there isn't much wording around apologies or being sorry about letting that happen.

More details would have been nice too. Allowing anybody to log into anybody's account is a big deal, even if in the end a small percentage of people were likely affected. It's not like I couldn't access my account for a few hours or that the sync got messed up somehow.

Also, it'd be nice to know how the bug was discovered on Dropbox's side: did they realize it themselves or was it from nice people who found the problem?



I believe Chris Soghoian was the person who discovered the bug (there was an HN submission about this earlier).

http://twitter.com/#!/csoghoian


Yeah, that's kind of what I'm curious about: did Dropbox learn about it through that guy's discovery? If so, we're lucky that that guy came across it the very same day the bug was introduced. I'd assume there aren't that many people who would have found the security hole, been nice not to abuse it and cared enough to let Dropbox and the world know…



