44,000 inactive Mozilla accounts leaked

Andre Yoskowitz
29 Dec 2010 23:24

Mozilla has confirmed this week that a database of inactive Mozilla usernames and encrypted passwords was compromised, with the accounts being leaked to the Internet.
Chris Lyon, the Mozilla director of infrastructure security, says (via CW) 44,000 inactive user accounts "for the addons.mozilla.org site were inadvertently placed on a public-facing Web server."

While noting that the "exposure posed minimal risk to users," Lyon says the company has erased all the passwords, which were encrypted anyways, and accounted for all downloads of the database.
All current users of addons.mozilla.org needn't worry as Mozilla upgraded its database and procedure for encrypting passwords in April of last year.

Security officials for the organization were notified of the leak on December 17th through the bounty program, which pays out up to $3000 to volunteers who submit security-related vulnerabilities, bugs and exploits.

All account holders in the leaked database were notified on December 27th.
