Mozilla loses Firefox addons user reg data – Is there a risk to you?

sr-firefox3.jpg
From the ‘Nothing to See Here, Move Along‘ files:

As a regular user of the open source Mozilla Firefox addons.mozilla.org site for browser extensions, I was somewhat alarmed to see a report that user password and registration information may have been publicly leaked.

As it turns out, the risk is minimal, but it could have worse — a lot worse.

Chris Lyon, director of infrastructure security at Mozilla blogged that a database containing 44,000 addons.mozilla.org user accounts was mistakenly left on a public server. Apparently the users accounts were all inactive according to Lyon and were using md-5 based password hashes.

 “We erased all the md5-passwords, rendering the
accounts disabled,” Lyon wrote. “All current addons.mozilla.org accounts use a more
secure SHA-512 password hash with per-user salts.”

Lyon goes on to note that currently active addons.mozilla.org users (like me) are not at risk (phew!).

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web