Client Testimonial
"Many IT service providers are more interested in selling hardware than providing a prompt and value adding service. This is not the case with Dual Layer." read more »
Harmony Capital
Client Login
 Quick Contact
Mozilla users' data was open to access
Category : General 29 Dec 2010 10:45 AM | Industry News
44,000 user IDs and password hashes were revealed in the accidental disclosure. Mozilla's security team has already contacted all those potentially affected via email.
Chris Lyon, director of infrastructure security at Mozilla blogged that a database containing 44,000 user accounts was mistakenly left on a public server. Apparently the users accounts were all inactive according to Lyon and were using md-5 based password hashes.
All downloads were accounted for by Mozilla, with the only external access being that by the security researcher. According to Mozilla, the "issue posed minimal risk to users". Yesterday, Mozilla also contacted all affected users by email to explain the situation. According to the email, the file in question was placed on the server by mistake and contained the email address and first/last names of users along with an MD5 hash of the user's password.
Users who were listed in the file have had their passwords deleted and will need to go to the addons site and click "Forgot Password" to generate a new password. The database only contained data for inactive users of the site; active users of the site were unaffected.