May 6, 2014 Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest