We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,779 News Articles

Mozilla site exposed encrypted passwords

44,000-strong database placed on public server

A database of inactive Mozilla usernames and passwords was exposed on the internet earlier this month, the Mozilla Foundation disclosed on Tuesday.

The database, which contained 44,000 inactive user accounts for the addons.mozilla.org site, was inadvertently placed on a public-facing web server, wrote Chris Lyon, the Mozilla director of infrastructure security, in a blog posting.

Lyon stressed that the exposure "posed minimal risk to users". The organisation erased all the passwords, which were encrypted. It also accounted for every download of the database.

Current users of addons.mozilla.org are not affected, because the organization upgraded its procedure for encrypting passwords in April 2009, Lyon stated.

Mozilla security officials were first notified of the exposure on December 17, through the organization's web bounty program, which allows volunteers to submit security-related bugs.

The Foundation notified all the account holders by e-mail on December 27 of the exposure.


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...