August 28, 2014

Oops, Mozilla Accidentally Published a User Registration Database

  • December 28, 2010
  • By Developer.com Staff

On December 17, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server.

"The database included 44,000 inactive accounts using older, md5-based password hashes," Mozilla's Director of Infrastructure Security Chris Lyon said. "We erased all the md5-passwords, rendering the accounts disabled."

All current accounts use a SHA-512 password hash with per-user salts. Lyon said, "Current addons.mozilla.org users and accounts are not at risk."

InternetNews.com's Sean Michael Kerner said the incident shows how critical it is for organizations to properly manage user data, which Mozilla didn't do here, but also how important it is for organizations to encrypt passwords, which Mozilla has been doing since April 9, 2009, by using SHA-512 with proper salts.
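The difference between the two schemes named above, and the "erase the MD5 rows" remediation, as an added sketch that is not Mozilla's code. The `sha512$salt$digest` storage layout, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # bare, unsalted MD5 hex digest

def md5_legacy(password):
    """Old scheme: the same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()

def sha512_salted(password, salt=None):
    """Current scheme; the 'sha512$salt$digest' layout is an assumption."""
    salt = salt or os.urandom(16).hex()
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"sha512${salt}${digest}"

def verify(stored, password):
    """Accept only salted SHA-512 records; erased or MD5 rows never log in."""
    parts = (stored or "").split("$")
    if len(parts) != 3 or parts[0] != "sha512":
        return False
    candidate = hashlib.sha512((parts[1] + password).encode()).hexdigest()
    return hmac.compare_digest(candidate, parts[2])

def shared_hashes(table):
    """Groups of users whose stored value is identical (same password leaks)."""
    groups = {}
    for user, stored in table.items():
        if stored:
            groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def erase_legacy(table):
    """Blank every MD5-only row, disabling the account; return who was hit."""
    hit = sorted(u for u, s in table.items() if s and LEGACY_MD5.match(s))
    for user in hit:
        table[user] = ""
    return hit

def sample_table():
    """Constructed rows: two inactive MD5 accounts, two current accounts."""
    return {
        "alice": md5_legacy("correct horse"),
        "bob": md5_legacy("correct horse"),
        "carol": sha512_salted("correct horse"),
        "dave": sha512_salted("correct horse"),
    }
```

On the sample table, `shared_hashes` groups the two MD5 accounts because their stored values are identical, while the two salted accounts differ despite sharing a password. A single salted SHA-512 pass is still fast to compute, so deliberately slow functions such as bcrypt, scrypt or PBKDF2 are the usual choice for new systems.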




Tags: privacy, Mozilla, security breach

Originally published on http://www.developer.com.

