Feeds

Mozilla exposes 44,000 passwords

'Old, inactive, and harmless'

Boost IT visibility and business value

Mozilla inadvertently exposed the passwords of 44,000 inactive addons.mozilla.org accounts, but says there's nothing to worry about.

"On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server," Mozilla's director of infrastructure security Chris Lyon wrote in a posting on the Mozilla Security Blog late Monday night.

Although that exposure may seem a wee bit scary, Lyons notes that all the passwords were for inactive accounts, that Mozilla was able to account for every download of the database, and that the password hashes were of the "older md5-based" variety, and that they all have now been deleted, effectively disabling those accounts.

"All current addons.mozilla.org accounts use a more secure SHA-512 password hash with per-user salts" since April 9, 2009, Lyons said. "It is important to note that current addons.mozilla.org users and accounts are not at risk."

Mozilla informed all affected users of the slip-up by email, prompting one Larry Seltzer to add a comment to Lyon's post, saying: "I got the e-mail a while before this blog post or anything else about the matter was on the web. The e-mail looked legit, but..."

Ah, Mr. Seltzer, we know the feeling. ®

Boost IT visibility and business value

More from The Register

next story
USA to insist on pre-flight mobe power probe
Prove it works or it can't come aboard flights to USA
Computing student jailed after failing to hand over crypto keys
Sledgehammer once again used to crack a nut
Brit celebs' homes VANISH from Google's Street View
Tony Blair's digs now a Tone-y Blur
Doctor Who season eight scripts leak online
BBC asks fans to EXTERMINATE copies before they materialise
Insecure AVG search tool shoved down users' throats, says US CERT
Sneaky 'foistware' downloads install things you never asked for
New NSA boss plays down impact of Snowden leaks
You have not heard me say 'OMG, the sky is falling'
'I don't want to go on the cart' ... OpenSSL revived with survival roadmap
Heartbleed-battered crypto library reveals long path back to health
MONSTER COOKIES can nom nom nom ALL THE BLOGS
Blog networks can be force-fed more than they can chew
prev story

Whitepapers

How modern custom applications can spur business growth.
In this whitepaper learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
The Power of One eBook: Top reasons to choose HP BladeSystem
Only the Power of One delivers leading infrastructure convergence, availability and scalability with federation, and agility through data center automation.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximizing your infrastructure through virtualization
Virtualization continues to be one of the most effective ways to consolidate, reduce cost, and make data centers more efficient.
Build a Business Case: Developing Custom Apps
In this whitepaper learn how to maximize the value of custom applications by accelerating and simplifying their development.