44,000 inactive Mozilla accounts leaked

44,000 inactive Mozilla accounts leaked
Mozilla has confirmed this week that a database of inactive Mozilla usernames and encrypted passwords was compromised, with the accounts being leaked to the Internet.

Chris Lyon, the Mozilla director of infrastructure security, says (via CW) 44,000 inactive inactive user accounts "for the addons.mozilla.org site were inadvertently placed on a public-facing Web server."



While noting that the "exposure posed minimal risk to users," Lyon says the company has erased all the passwords, which were encrypted anyways, and accounted for all downloads of the database.

All current users of addons.mozilla.org needn't worry as Mozilla upgraded its database and procedure for encrypting passwords in April of last year.

Security officials for the organization were notified of the leak on December 17th, through the bounty program which pays out up to $3000 to volunteers who submit security-related vulnerabilities, bugs and exploits.

All account holders in the leaked database were notified on December 27th.

Written by: Andre Yoskowitz @ 29 Dec 2010 23:24
Tags
Mozilla Leak
Advertisement - News comments available below the ad

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud