Mozilla loses Firefox addons user reg data – Is there a risk to you?

From the ‘Nothing to See Here, Move Along‘ files:

As a regular user of the open source Mozilla Firefox site for browser extensions, I was somewhat alarmed to see a report that user password and registration information may have been publicly leaked.

As it turns out, the risk is minimal, but it could have worse — a lot worse.

Chris Lyon, director of infrastructure security at Mozilla blogged that a database containing 44,000 user accounts was mistakenly left on a public server. Apparently the users accounts were all inactive according to Lyon and were using md-5 based password hashes.

 “We erased all the md5-passwords, rendering the
accounts disabled,” Lyon wrote. “All current accounts use a more
secure SHA-512 password hash with per-user salts.”

Lyon goes on to note that currently active users (like me) are not at risk (phew!).

News Around the Web