A code update left Dropbox, the popular cloud storage service, password-free for about four hours on Monday afternoon.

A code update left , the popular cloud storage service, password-free for about four hours on Sunday evening.

During this time, anyone could access any of Dropbox's 25 million user accounts by typing in any password.

The lapse occurred between 1:54 p.m. to 5:46 p.m. PT. According to Dropbox's blog post, "much less" than one percent of its members logged in during this period. However, the company still isn't clear whether any improper behavior occurred during the time. If you suspect any strange activity on your account, you can email [email protected]

"This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again," the company wrote in a rather vague blog post.

The bug was first posted on Pastebin, another storage ground often used by programmers, by cybersecurity researcher Christopher Soghoian, who is pursuing a doctorate at the University of Indiana. An unnamed person tipped him off when he realized that even obvious typos made during his password entry could log him into his account.

Soghoian was most likely contacted because he has been scrutinizing Dropbox's security system for months. he filed an FTC complaint against the company for misrepresenting its security level, and using a type of encryption technology that put its users at risk of data breaches and identity theft.

Dropbox encrypts data for its users, which gives the company the power to access its users' data. Most likely, the reasoning behind this is in case a user forgets his or her password. However, Soghoian says the company falsely advertised on its website that only the user could access his own data.

At the time Dropbox countered that it has "strict policy prohibitions" and "access controls" to prevent most of its employees from being able to access user files.

Nonetheless, Monday's negligence has made Dropbox even more unpopular with users:

"Dropbox was a killer service. Too bad I no longer trust them," tweeted blogger @DaveZatz.

"I deleted my @Dropbox account. Even as a free service they're not worth the trouble," tweeted @helpnetsecurity.

Developer @lukeredpath suggested, "Dropbox should be explaining *what* exactly went wrong and what they are doing to prevent it happening again."

Launched in 2009, Dropbox boasts 25 million users and the storage of more than 200 million files.

Editor's note: This story was corrected at 1:17 p.m. ET. The flaw was detected on Sunday night, not Monday.