
Mozilla Dumps Info of 76,000 Developers To Public Web Server

Posted by samzenpus
from the for-everyone's-eyes dept.
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
  • by viperidaenz (2515578) on Sunday August 03, 2014 @06:57PM (#47595833)

    By personal data, they mean 76,000 email addresses and 4000 salted password hashes.

    As for how many times it was accessed, RTFA

    "We traced back as much as we could. Access logs, netflow data, etc.," the user wrote. "We found that the tar.gz containing the DB dump had been downloaded only a small number of times. Mostly by known contributors. But we can't rule out that someone with malicious intentions got access to it."

    Or... you could throw your toys out of your cot and post a rant condemning Mozilla.

    You're obviously not affected by this either, or you would already know the answers to your questions because they emailed everyone affected about it already.

  • by raymorris (2726007) on Sunday August 03, 2014 @08:51PM (#47596161)

    DES is the encryption standard which is the basis of what for many years was the most common type of hash.
    For DES-based hashing, as used in .htpasswd files, the least significant bits of the first eight characters are used as a 56-bit key. This key (the user's password) is used to encrypt null bytes, 25 times. crypt(3) accepts a two-character salt, but uses only the lowest six bits of each character, so it's a 12 bit salt and a 56 bit password (maximum).

    crypt(3) can also support better hash algorithms by passing salt values such as $1$xxxxxxxx$ or $5$xxxxxxxxxxxx$
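
An added example, not part of the comment above or of any Mozilla code: a small auditor that classifies stored crypt(3) strings by the formats the comment describes and flags entries whose scheme only uses the first eight password characters. The function names, the sample entries and the packed-integer view of the key are assumptions made for illustration; the `$6$` and `rounds=` handling goes slightly beyond the two prefixes mentioned.

```python
import re

# crypt(3) salt alphabet: each character encodes 6 bits.
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")


def des_key(password: str) -> int:
    """Effective 56-bit key material: low 7 bits of each of the first 8 bytes."""
    key = 0
    for byte in password.encode("utf-8")[:8].ljust(8, b"\0"):
        key = (key << 7) | (byte & 0x7F)
    return key


def classify(stored: str) -> dict:
    """Name the crypt(3) scheme of a stored hash string and size its salt."""
    if stored.startswith("$"):
        parts = stored.split("$")  # ['', id, salt, digest]
        if len(parts) > 3 and parts[2].startswith("rounds="):
            del parts[2]  # optional cost field used by $5$ and $6$
        if len(parts) > 3 and parts[1] in MODULAR:
            return {"scheme": MODULAR[parts[1]], "salt": parts[2],
                    "salt_bits": 6 * len(parts[2]), "max_password_len": None}
    elif DES_RE.fullmatch(stored):
        # 2-char salt, 6 bits each; first character supplies the low bits.
        value = B64.index(stored[0]) | (B64.index(stored[1]) << 6)
        return {"scheme": "des-crypt", "salt": stored[:2], "salt_bits": 12,
                "salt_value": value, "max_password_len": 8}
    return {"scheme": "unknown", "salt": None, "salt_bits": 0, "max_password_len": None}


def audit(lines):
    """Return users from .htpasswd-style lines whose hash truncates passwords."""
    flagged = []
    for line in lines:
        user, _, stored = line.strip().partition(":")
        if classify(stored)["max_password_len"] is not None:
            flagged.append(user)
    return flagged


# Constructed sample entries; the digest parts are placeholders, not real hashes.
SAMPLE = [
    "alice:abXXXXXXXXXXX",
    "bob:$1$saltsalt$XXXXXXXXXXXXXXXXXXXXXX",
    "carol:$5$saltsaltsalt$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
]
```

`des_key("password1") == des_key("password2")` is true, which is the practical consequence of the 56-bit limit: anything past the eighth character never reaches the cipher.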