RealTime IT News

Mozilla loses Firefox addons user reg data - Is there a risk to you?

From the 'Nothing to See Here, Move Along' files:

As a regular user of the open source Mozilla Firefox addons.mozilla.org site for browser extensions, I was somewhat alarmed to see a report that user password and registration information may have been publicly leaked.

As it turns out, the risk is minimal, but it could have worse -- a lot worse.

Chris Lyon, director of infrastructure security at Mozilla blogged that a database containing 44,000 addons.mozilla.org user accounts was mistakenly left on a public server. Apparently the users accounts were all inactive according to Lyon and were using md-5 based password hashes.

 "We erased all the md5-passwords, rendering the
accounts disabled," Lyon wrote. "All current addons.mozilla.org accounts use a more
secure SHA-512 password hash with per-user salts."

Lyon goes on to note that currently active addons.mozilla.org users (like me) are not at risk (phew!).