Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Posts File Containing Registered User Data

Posted by Soulskill on Monday December 27, 2010 @10:14PM from the heads-up dept.

wiredmikey writes "Mozilla yesterday sent an email to registered users of its addons.mozilla.org site, letting them know that it had mistakenly posted a file to a publicly available Web server which contained data from its user database including email addresses, first and last names, and an md5 hash representation of user passwords."

1 of 154 comments (clear)

Min score:

Reason:

Sort:

Mozilla's public disclosure by Giorgio+Maone · 2010-12-27 22:24 · Score: 5, Informative

http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
Active accounts have their password SHA-512 hashed with per-user salt, so they're safe (for a while). However those 44,000 holders of older (and now disabled) MD5 hashed accounts should rush changing their passwords elsewhere, if they have the bad habit of using the same password everywhere...

--
There's a browser safer than Firefox, it is Firefox, with NoScript