dcsimg
September 19, 2018
Hot Topics:

Oops, Mozilla Accidentally Published a User Registration Database

  • December 28, 2010
  • By Developer.com Staff

On December 17, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server.

"The database included 44,000 inactive accounts using older, md5-based password hashes," Mozilla's Director of Infrastructure Security Chris Lyon said. "We erased all the md5-passwords, rendering the accounts disabled."

All current accounts use a SHA-512 password hash with per-user salts. Lyon said, "Current addons.mozilla.org users and accounts are not at risk."

InternetNews.com's Sean Michael Kerner said that what this proves is how critical it is for organizations to properly manage user data, which Mozilla didn't do here, but also how important it is for organizations to encrypt passwords, which Mozilla has been doing since April 9, 2009 by using SHA-512 with proper salts.


View Article



Originally published on https://www.developer.com.


Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.

Sitemap

Thanks for your registration, follow us on our social networks to keep up-to-date