Mozilla inadvertently exposed the passwords of 44,000 inactive addons.mozilla.org accounts, but says there's nothing to worry about. "On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server," Mozilla's director of …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 28th December 2010 20:34 GMT gollux

Sweet!

A sharp asskick all around for such goofery.

3 1
Tuesday 28th December 2010 21:27 GMT M Gale

Ooh.

Nice relatively easy to crack MD5 hashes? Unsalted perchance?

Be good to try the resulting plain text passwords on any number of matching user names on any number of other subscription services, wouldn't you say?

1 2
Wednesday 29th December 2010 00:33 GMT Anonymous Coward

Oh F..k

I just knew that I should've used a different logon and password on those bank accounts.

0 0
Wednesday 29th December 2010 00:33 GMT Doug Glass

What's to stop ....

... the idiot (or idiots) who did this from doing it again with really, for real, sensitive data? And there are actually miscreants out there that tell me I should trust "the cloud". Yeah right. Today's Moziolla idiot is tomorrows cloud idiot. If that's not the case already.

3 0
Wednesday 29th December 2010 12:45 GMT Maurice Shakeshaft

At least it appears they were up front and open

A bit better than some other companies out there....

1 0
Wednesday 29th December 2010 12:47 GMT Anonymous Coward

I, like Larry, wondered if it was a phishing trip...

silly sods...

0 0
Wednesday 29th December 2010 12:48 GMT Glenn Charles

...that feeling

I now have Ad-Aware pro on my machine, free. It's a regularly offered special, I had to go to the right sites...and I may have been phished. What a thought (however, as I said, it's a regular year-end special for subscribers to...eh...something).

--Glenn

0 0
Thursday 30th December 2010 05:25 GMT Framitz

Well that's fine . . .

Fine except for the probably thousands of accounts that use the same name and password EVERYWHERE.

1 0
1. Thursday 30th December 2010 14:45 GMT Michael 77
  
  Same here
  
  Exactomundo!
  
  The dumb-asses!
  
  "Oh, they're only old passwords ..." indeed!
  
  0 0
Thursday 30th December 2010 14:36 GMT prathlev

Relax guys...

Even though weaknesses have been found in MD5 it doesn't mean that Joe Blow can feasibly extract the plaintext password from the hashes that were inadverently posted.

If you think you can, please tell me what plaintext I used for this hash: "0f0d334af847f44e9611204ed72275d0". I'll even tell you it's 14 characters plain english, no funny capitalization.

0 0