What can only be described as a large mistake by someone, Mozilla somehow accidentally left a partial database of user accounts on a public server. This breach in security went on for some time, until on December 17 after Mozilla was notified by a security researcher of the issue.
The leaked database contained 44,000 inactive accounts for addons.mozilla.org that had passwords hashed using md5 technology. This leak only affected accounts created before April 9, 2009, as since then up through now Mozilla uses a SHA-512 password hash with per-user salts to protect account data.
Bookmarks