It sounds related to this http://www.securityweek.com/mozilla-mistakenly-posts-file-containing-registered-user-data http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
-Christopher On Mon, Dec 27, 2010 at 7:41 PM, Logan <wolverine18421...@yahoo.ca> wrote: > Good Evening; > I was quite surprised to see this in my email this evening. I'm not sure what > this is about or even if it's legit. Can someone please take a look at it and > let me know. > Thank you, > Walter Reinhart > > ----- Forwarded Message ---- > From: Mozilla Add-ons <nob...@mozilla.org> > To: wolverine18421...@yahoo.ca > Sent: Mon, December 27, 2010 9:04:12 PM > Subject: Important notice about your addons.mozilla.org account > > Dear addons.mozilla.org user, > > The purpose of this email is to notify you about a possible disclosure > of your information which occurred on December 17th. On this date, we > were informed by a 3rd party who discovered a file with individual user > records on a public portion of one of our servers. We immediately took > the file off the server and investigated all downloads. We have > identified all the downloads and with the exception of the 3rd party, > who reported this issue, the file has been download by only Mozilla > staff. This file was placed on this server by mistake and was a partial > representation of the users database from addons.mozilla.org. The file > included email addresses, first and last names, and an md5 hash > representation of your password. The reason we are disclosing this event > is because we have removed your existing password from the addons site > and are asking you to reset it by going back to the addons site and > clicking forgot password. We are also asking you to change your password > on other sites in which you use the same password. Since we have > effectively erased your password, you don't need to do anything if you > do not want to use your account. It is disabled until you perform the > password recovery. > > We have identified the process which allowed this file to be posted > publicly and have taken steps to prevent this in the future. We are also > evaluating other processes to ensure your information is safe and secure. > > Should you have any questions, please feel free to contact the > infrastructure security team directly at infra...@mozilla.com. If you > are having issues resetting your account, please contact > amo-adm...@mozilla.org. > > We apologize for any inconvenience this has caused. > > Chris Lyon > Director of Infrastructure Security > > > _______________________________________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
