Mozilla Loses Users Names, Email Addresses, Hashed Passwords

From DailyTech: These days internet firms seem to be having a tougher and tougher time holding on to your private data. Following lost emails databases at Walgreens, McDonalds, and others; Microsoft's leak of business users' contacts from the cloud; and Gawker's loss of users names, passwords, and site information, Mozilla has become the latest to fail to keep its users confidential data secure.

Chris Lyon, Director of Infrastructure Security at Mozilla, wrote users of its addons page to let them know it might have accidentally shared their encrypted passwords. Worse yet, it turns out that the file contained passwords protected by an older hashing algorithm MD5, without any salting (random input to protect against dictionary attacks).

In other words, active users likely don't have much to worry about, but if you created an account in the past, which you haven't used in some time, it's likely that malicious parties may have at least your name and email address. And if your password is weak, they'll likely soon have that as well -- so users who fall into this category might want to immediately change any identical passwords on accounts on other sites.

View: Article @ Source Site