Firefox developer Mozilla has revealed that a database containing usernames and password hashes belonging to thousands of users of addons.mozilla.org had been posted publicly by accident. Around 44,000 e-mail addresses, first and last names, and an md5 hash representation of your password were revealed in that accidental disclosure. But Mozilla says there’s nothing to worry about. Mozilla security officials were first notified of the exposure on December 17, through the organization’s web bounty program, which allows volunteers to submit security-related bugs. The Foundation notified all the account holders by e-mail on December 27 of the exposure.

Chris Lyon, the Mozilla director of infrastructure security, in a blog posting stressed that the exposure “posed minimal risk to users.” Mozilla removed all those users’ passwords from the add-ons site and requested that users perform the password reset function in order to create a new one. To do so, users click “I forgot my password” at the login screen and enter an e-mail address. An e-mail with a personalized link is sent to the e-mail address, which is associated with a particular account. That link brings the user to a page that resets the password. Until that is done, the user cannot log in.

While, current users of addons.mozilla.org are not affected as the organization upgraded its procedure for encrypting passwords in April 2009. On April 9, 2009, Mozilla changed to a password system using SHA-512 password hashes and per-user salts. Also, users with active accounts were not affected.

Following lost emails databases at Walgreens, McDonalds, and others; Microsoft’s leak of business users’ contacts from the cloud; and Gawker’s loss of users names, passwords, and site information, we can say that internet firms are having a tougher time and it seems like, someone is peeping into our privacy. I think this is really disgusting.

Via pcmag