IDG News Service - A database of inactive Mozilla usernames and passwords was exposed on the Internet earlier this month, the Mozilla Foundation disclosed on Tuesday.
The database, which contained 44,000 inactive user accounts for the addons.mozilla.org site, was inadvertently placed on a public-facing Web server, wrote Chris Lyon, the Mozilla director of infrastructure security, in a blog posting.
Lyon stressed that the exposure "posed minimal risk to users." The organization erased all the passwords, which were encrypted. It also accounted for every download of the database.
Current users of addons.mozilla.org are not affected, because the organization upgraded its procedure for encrypting passwords in April 2009, Lyon stated.
Mozilla security officials were first notified of the exposure on December 17, through the organization's web bounty program, which allows volunteers to submit security-related bugs.
The Foundation notified all the account holders by e-mail on December 27 of the exposure.
Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
