> This is a ridiculous response, and one which seems very ungrounded in the law.
What is the basis of such assertion? Let the courts decide that if the basis is unfounded or not.
> But, they're still a startup.
This is no excuse, if you charge money for your services AND claim to be military grade secure with respect to data. https://www.dropbox.com/security
> There's no SLA. They responded quickly, fixed the bug as soon as they caught it, and have been thorough in investigating any unauthorized access of accounts.
They took 4 hours to know entire dropbox was accessible to everyone, and tried to sweep the incident under the rug by not emailing the issue to users.
> Why sue them? It's just going to disrupt a very good service. It's not going to help them recover (I'm sure they've already learned heavily from the mistake.)
Because they are not entitled to be on the goodside of the user, which unacceptably bad handling of the situation. They, like everyone else, are not entitled to anything, other than what is contracted. You screw users, you get screwed. It is as simple as that.
What is the basis of such assertion? Let the courts decide that if the basis is unfounded or not.
> But, they're still a startup.
This is no excuse, if you charge money for your services AND claim to be military grade secure with respect to data. https://www.dropbox.com/security
> There's no SLA. They responded quickly, fixed the bug as soon as they caught it, and have been thorough in investigating any unauthorized access of accounts.
They took 4 hours to know entire dropbox was accessible to everyone, and tried to sweep the incident under the rug by not emailing the issue to users.
> Why sue them? It's just going to disrupt a very good service. It's not going to help them recover (I'm sure they've already learned heavily from the mistake.)
Because they are not entitled to be on the goodside of the user, which unacceptably bad handling of the situation. They, like everyone else, are not entitled to anything, other than what is contracted. You screw users, you get screwed. It is as simple as that.