Tuesday, January 11, 2011

Mozilla slips up and posts old user database online, but you should be OK

On December 17, a partial database of addons.mozilla.org (AMO) user accounts was found on a public Mozilla server. A security researcher promptly notified Mozilla via the Bug Bounty program, and the database was quickly removed. Don't panic, though: you should be OK.

The file contained only inactive user accounts whose passwords were stored as older, no-longer-secure MD5 hashes. All current AMO accounts are protected much more securely, and those accounts remain uncompromised. Mozilla is also fairly certain that it can account for every download of the database file, so there is likely little or no risk to the users involved -- but just in case, if you use your AMO password on other sites, you may want to change it. Incidentally, if you were one of the 44,000 people on the list, Mozilla should have sent you an email detailing the breach.

As always, it's vital that you use different passwords for every service you use; that way, if one database is breached, you are still relatively safe. KeePass is excellent, as is LastPass.

There's a little more information on the Sophos Naked Security blog, but really, there isn't much else to it. We're now left to wonder how a database of names and passwords was left on a public server...

Mozilla slips up and posts old user database online, but you should be OK originally appeared on Download Squad on Tue, 28 Dec 2010 13:30:00 EST.

Source: http://downloadsquad.switched.com/2010/12/28/mozilla-slips-up-and-posts-old-user-database-online-but-you-sho/

