Mozilla, the developer of the Firefox web browser, has accidentally published the ID details of 44,000 users. A database holding the usernames and password hashes of 44,000 inactive addons.mozilla.org accounts was inadvertently made public.
Mozilla was quick to disclose the breach, and information on it is available on its security blog. Mozilla has already taken action, and all of the users potentially affected by the breach have been contacted by email.
Regarding the issue, Chris Lyon, the director of infrastructure at Mozilla, mentioned that they had been made aware that the database was mistakenly left on a public Mozilla server. Lyon said: “We were able to account for every download of the database. This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure.”
All passwords stored before 9 April 2009 were stored using a method with exploitable weaknesses that would allow the hack-savvy to access the information, but Mozilla has since used more secure methods of keeping user information safe.
All the passwords in the database of 44,000 inactive accounts have been deleted, which has rendered the accounts disabled. If you received the email Mozilla sent out, however, you may still want to change your password just to be on the safe side.
Via: T3