diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Mozilla Leaks Database of 44,000 Inactive Accounts

In a major security breach, Mozilla accidentally left a partial database of user accounts for some time, until Dec’17th, when Mozilla was notified by a security researcher of the issue.

“The leaked database included 44,000 inactive accounts using older, md5-based password hashes. We erased all the md5-passwords, rendering the accounts disabled. All current addons.mozilla.org accounts use a more secure SHA-512 password hash with per-user salts. SHA-512 and per user salts has been the standard storage method of password hashes for all active users since April 9th, 2009.

It’s important to note that current addons.mozilla.org users and accounts aren’t at risk. Additionally, this incident didn’t impact any of Mozilla’s infrastructure,” said Chris Lyon, Director of Infrastructure Security.

Mozilla was reported about the issue via its web bounty program. The company “was able to account for every download of the database. This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure,” added Chris.


Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...