Mozilla loses Firefox addons user reg data - Is there a risk to you?
As a regular user of the open source Mozilla Firefox addons.mozilla.org site for browser extensions, I was somewhat alarmed to see a report that user password and registration information may have been publicly leaked.
As it turns out, the risk is minimal, but it could have worse -- a lot worse.
Chris Lyon, director of infrastructure security at Mozilla blogged that a database containing 44,000 addons.mozilla.org user accounts was mistakenly left on a public server. Apparently the users accounts were all inactive according to Lyon and were using md-5 based password hashes.
"We erased all the md5-passwords, rendering the
accounts disabled," Lyon wrote. "All current addons.mozilla.org accounts use a more
secure SHA-512 password hash with per-user salts."