Mozilla Posts File Containing Registered User Data
wiredmikey writes "Mozilla yesterday sent an email to registered users of its addons.mozilla.org site, letting them know that it had mistakenly posted a file to a publicly available Web server which contained data from its user database including email addresses, first and last names, and an md5 hash representation of user passwords."
It should not happen, but we are all humans (I think!!) and human people make mistakes (and scripts/robots break and fail, by the way).
All of us that administer servers have made some mistake in the past and probably will make more in the future. We can try to put up enough roadblocks to reduce the severity of the mistake, but they happen.
So as "sh*t happens", the openness and honesty of Mozilla is to be praised; most closed-source companies would try to hide and ignore things like this.
Higuita
No, they should not. But mistakes happen where humans are at work. The question is, how do these humans then deal with the problems they caused?
The usual is to hush-hush and hope nobody notices. Mozilla could have done just that, and with far better conscience than other companies who followed that practice. According to the logs, the file was downloaded once, and that's by the person that informed them about the mistake. Essentially, one could assume that this is as "safe" as it gets considering the blunder. If they just decided to shut up about it, probably nobody would have noticed.
But is that the right way to deal with a problem that can potentially affect your customers?
I quite strongly recommend NOT chewing them out for making a mistake but actually applauding their very considerate approach to dealing with it. Consider the "learning effect": Chew them out and the learning effect is that it's better to just hush up when you lose customer data, especially if the chance of it getting into the wrong hands is slim. That's pretty much what most other companies do, and even if it gets out it rarely causes more than a bit of a tempest in a teapot on /.
Outside the security-concerned tech community, nobody even notices.
So yes, mistakes like that should not happen. But they do. They happened, they happen and they will happen as long as humans are somehow involved in the process. Hence I welcome how they dealt with it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.