A screenshot of Mozilla's add-on website
(WEB HOST INDUSTRY REVIEW) — A database of 44,000 inactive Mozilla usernames and passwords was publicly disclosed on December 17, a report by Computerworld said on Tuesday.
According to the report, the database containing information of user accounts for the addons.mozilla.org site was accidentally placed on a public server.
Mozilla became aware of the exposure on December 17 when a volunteer submitted a notification through its web bounty program.
“We were able to account for every download of the database,” Chris Lyon, director of infrastructure security at Mozilla wrote in a blog post on Monday. “This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure.”
Account holders affected were notified by email on December 27.
Mozilla said the file contained user email addresses, first and last names, and MD5 password hashes.
Lyon said current users weren’t affected because Mozilla upgraded its password encryption procdure in April 2009.
Mozilla deleted the encrypted passwords and requested users change their passwords to that site as well as other Mozilla sites.
About Nicole Henderson
Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
No related posts.
