Mozilla Website Exposed Encrypted Passwords

Mozilla yesterday disclosed that a database of inactive Mozilla usernames and passwords was exposed on the Internet earlier this month.

The database contained 44,000 inactive user accounts for the addons.mozilla.org website. According to Mozilla the database was inadvertently placed on a public-facing web server.

Mozilla said that the exposure posed minimal risks to its users. The company erased all the passwords which were encrypted and accounted for every download of the database.

The company also stated that current users of Mozilla have not been affected, as the organization upgraded its procedure for encrypting passwords in April 2009.

Mozilla was informed of the breach on December 17, through the organization’s web bounty program, which allows volunteers to submit security-related bugs.

The company also notified all account holders by e-mail of the exposure on December 27.

We wonder why Mozilla would have taken 10 days before adhering to guidelines in reporting the breach and notifying affected users.

Enjoyed this article? Submit your email to receive daily news and updates.

***You must click confirmation link sent in email. If you don't see the email, check spam folder.

Filed in: News, Security Tags: , ,

Leave a Reply

Submit Comment

© 2022 Tech Readers. Reproduction without explicit permission is prohibited. All Rights Reserved. XHTML / CSS Valid.