Mozilla Accidentally Posts Usernames And Passwords

[Honest 836]

Mozilla Accidentally Posts Usernames and Passwords

Deletes all user passwords and requests users to reset the same

Registered users of Mozilla's add-on website addons.mozilla.org are in for a rude shock. The said users received a message from Mozilla that it had inadvertently exposed their usernames and encrypted passwords. This occurred after the browser giant posted a file containing email addresses, first and last names, and an md5 hash representation of user passwords on a publicly available web server.

The website is an official platform for hosting add-ons related to Mozilla products like Firefox, Thunderbird, and SeaMonkey. As damage control, Mozilla erased all user passwords and has requested users to manually reset the same. It has also implored its users to do the same for any other websites where they may have used the same password. This breach is serious because Mozilla took action only after being informed about the leak by a third party.

We know Mozilla's all for open source, but open source passwords is stretching things too far.

Courtesy : Techtree

[parin 857]

Yes its going very unsafe

Sent from my SCH-I500 using Tapatalk

[_Kailash_ 63]

did it also happen to firefox 4 beat version????

[HetalDP 947]

Dont worry they can not make Password out of MD5 still its safe !!!!

[KanagaDeepan 1,084]

Even if it is Unsafe, I won't care much.. But I fear that our friend, Raccoon bhai will come and beat (me as well as Mozilla) here..

[Karthik R 246]

Go chrome! The fastest flash and graphics rendering browser on earth, that is, if you trust Google with privacy

[MVP 3]

Dont worry they can not make Password out of MD5 still its safe !!!!

Its still unsafe. They can check against a known database of md5 hashes. A lot are available on net. The more characters your password has, the more safe.

Edited December 30, 2010 by MVP

[ami1 237]

Dont worry they can not make Password out of MD5 still its safe !!!!

Its still unsafe. They can check against a known database of md5 hashes. A lot are available on net. The more characters your password has, the more safe.

That's still quite difficult since passwords are salted first before hashing. Anyway, these are only password to your mozilla addons website - most people would keep different passwords for banking and other sites that matter.

Offcourse, it is their fault the file was posted BUT I really appreciate that they didn't hide the fact and keep silent (no one would have known since only 1 person found it and notified them - most corporates would have kept silent when risk of people coming to know is negligible); but publicly acknowledged their mistake.

[Karthik R 246]

Here are some tips for choosing a strong password — one that is difficult to guess.

• Include punctuation marks and/or numbers.
  
• Mix capital and lowercase letters.
  
• Include similar looking substitutions, such as the number zero for the letter 'O' or '$' for the letter 'S'.
  
• Create a unique acronym.
  
• Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh'.
  

Things to avoid:

• Don't use computers at Internet cafes or in hotel business centers to access any site requiring a login. Period. No exceptions. Internet cafes and hotel businesses are rife with adware, spyware, keyloggers and assorted other malware which likely will not be visible to the naked eye.
  
• Don't use the default password assigned to you unless it's a hard requirement. Some ISPs, for example, pre-configure the account with a username and password combination. You might not be able to change the username, but you definitely should be able to change the password.
  
• Don't reveal your passwords to others. If someone absolutely must have access to your account, change the password before you grant them access, then change it again after their access is no longer required.
  

Courtesy : The Internet

[raccoon 53]

Even if it is Unsafe, I won't care much.. But I fear that our friend, Raccoon bhai will come and beat (me as well as Mozilla) here..

Lol! Even if something does not affect you directly, its never wise to think that it won't affect you indirectly. Everything is connected.