Mozilla Posts File Containing Registered User Data

wiredmikey writes "Mozilla yesterday sent an email to registered users of its addons.mozilla.org site, letting them know that it had mistakenly posted a file to a publicly available Web server which contained data from its user database including email addresses, first and last names, and an md5 hash representation of user passwords."

Re:Kudos to Mozilla

[Opportunist]

No, they should not. But mistakes happen where humans are at work. The question is, how do these human then deal with the problems they caused?

The usual is to hush-hush and hope nobody notices. Mozilla could have done just that, and with far better conscience than other companies who followed that practice. According to the logs, the file was downloaded once, and that's by the person that informed them about the mistake. Essentially, one could assume that this is as "safe" as it gets considering the blunder. If they just decided to shut up about it, probably nobody would have noticed.

But is that the right way to deal with a problem that can potentially affect your customers?

I quite strongly recommend NOT chewing them out for making a mistake but actually applauding their very considerate approach to dealing with it. Consider the "learning effect": Chew them out and the learning effect is that it's better to just hush up when you lose customer data, especially if the chance of it getting into the wrong hands is slim. That's pretty much what most other companies do, and even if it gets out it rarely causes more than a bit of a tempest in a teapot on /.

Outside the security concerned tech community, nobody even notices.

So yes, mistakes like that should not happen. But they do. They happened, they happen and they will happen as long as humans are somehow involved in the process. Hence I welcome how they dealt with it.