January 17, 2021
Oops, Mozilla Accidentally Published a User Registration Database

By Developer.com Staff

On December 17, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server.

"The database included 44,000 inactive accounts using older, md5-based password hashes," Mozilla's Director of Infrastructure Security Chris Lyon said. "We erased all the md5-passwords, rendering the accounts disabled."

All current accounts use a SHA-512 password hash with per-user salts. Lyon said, "Current addons.mozilla.org users and accounts are not at risk."

InternetNews.com's Sean Michael Kerner said the incident shows how critical it is for organizations to properly manage user data, which Mozilla didn't do here, and also how important it is for organizations to encrypt passwords, which Mozilla has been doing since April 9, 2009, by using SHA-512 with proper salts.

Originally published on https://www.developer.com.

This article was originally published on December 28, 2010