back to article Mozilla exposes 44,000 passwords

Mozilla inadvertently exposed the passwords of 44,000 inactive addons.mozilla.org accounts, but says there's nothing to worry about. "On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server," Mozilla's director of …

COMMENTS

This topic is closed for new posts.
  1. gollux
    FAIL

    Sweet!

    A sharp asskick all around for such goofery.

  2. M Gale

    Ooh.

    Nice relatively easy to crack MD5 hashes? Unsalted perchance?

    Be good to try the resulting plain text passwords on any number of matching user names on any number of other subscription services, wouldn't you say?

  3. Anonymous Coward
    FAIL

    Oh F..k

    I just knew that I should've used a different logon and password on those bank accounts.

  4. Doug Glass
    Go

    What's to stop ....

    ... the idiot (or idiots) who did this from doing it again with really, for real, sensitive data? And there are actually miscreants out there that tell me I should trust "the cloud". Yeah right. Today's Moziolla idiot is tomorrows cloud idiot. If that's not the case already.

  5. Maurice Shakeshaft

    At least it appears they were up front and open

    A bit better than some other companies out there....

  6. Anonymous Coward
    Unhappy

    I, like Larry, wondered if it was a phishing trip...

    silly sods...

  7. Glenn Charles
    Paris Hilton

    ...that feeling

    I now have Ad-Aware pro on my machine, free. It's a regularly offered special, I had to go to the right sites...and I may have been phished. What a thought (however, as I said, it's a regular year-end special for subscribers to...eh...something).

    --Glenn

  8. Framitz
    Flame

    Well that's fine . . .

    Fine except for the probably thousands of accounts that use the same name and password EVERYWHERE.

    1. Michael 77
      Thumb Up

      Same here

      Exactomundo!

      The dumb-asses!

      "Oh, they're only old passwords ..." indeed!

  9. prathlev
    Happy

    Relax guys...

    Even though weaknesses have been found in MD5 it doesn't mean that Joe Blow can feasibly extract the plaintext password from the hashes that were inadverently posted.

    If you think you can, please tell me what plaintext I used for this hash: "0f0d334af847f44e9611204ed72275d0". I'll even tell you it's 14 characters plain english, no funny capitalization.

This topic is closed for new posts.

Other stories you might like