http://www.securityweek.com/mozilla-mistakenly-posts-file-containing-registered-user-data
On Mon, Dec 27, 2010 at 9:46 PM, Larry Seltzer <[email protected]> wrote:
> Does this look right to you? The only links in it are e-mail addresses on
> Mozilla.org, but there's nothing about this on the add-ons site or their
> discussion forum.
>
> I included full headers at bottom. It checks out for DKIM but for domain
> socketlabs-od.com, not the [email protected] from: address
>
> I think it must be legit, but it's clumsy. In fact I can't log in to my
> addons.mozilla.org account with the password I think I used, but I've
> forgotten these things in the past.
>
> -----Original Message-----
> From: Mozilla Add-ons [mailto:[email protected]]
> Sent: Monday, December 27, 2010 8:23 PM
> To: [email protected]
> Subject: Important notice about your addons.mozilla.org account
>
> Dear addons.mozilla.org user,
>
> The purpose of this email is to notify you about a possible disclosure
> of your information which occurred on December 17th. On this date, we
> were informed by a 3rd party who discovered a file with individual user
> records on a public portion of one of our servers. We immediately took
> the file off the server and investigated all downloads. We have
> identified all the downloads and with the exception of the 3rd party,
> who reported this issue, the file has been downloaded by only Mozilla
> staff. This file was placed on this server by mistake and was a partial
> representation of the users database from addons.mozilla.org. The file
> included email addresses, first and last names, and an md5 hash
> representation of your password. The reason we are disclosing this event
> is because we have removed your existing password from the addons site
> and are asking you to reset it by going back to the addons site and
> clicking forgot password. We are also asking you to change your password
> on other sites in which you use the same password. Since we have
> effectively erased your password, you don't need to do anything if you
> do not want to use your account. It is disabled until you perform the
> password recovery.
>
> We have identified the process which allowed this file to be posted
> publicly and have taken steps to prevent this in the future. We are also
> evaluating other processes to ensure your information is safe and secure.
>
> Should you have any questions, please feel free to contact the
> infrastructure security team directly at [email protected]. If you
> are having issues resetting your account, please contact
> [email protected].
>
> We apologize for any inconvenience this has caused.
>
> Chris Lyon
> Director of Infrastructure Security
>
> Delivered-To: [email protected]
> Received: by 10.204.116.20 with SMTP id k20cs141857bkq;
>         Mon, 27 Dec 2010 17:46:08 -0800 (PST)
> X-pstn-nxpr: disp=neutral, [email protected]
> X-pstn-nxp: bodyHash=66ddcc7c1146c02b3d765400c60b5b4b63b1c18f,
>         headerHash=2e6464f9be8d0550804ea21a1675cf1fea012484, keyName=4,
>         rcptHash=4f063fda8b23347fdebfe411b5a102e1f62c48d5, sourceip=64.151.119.54,
>         version=1
> Received: by 10.42.230.137 with SMTP id jm9mr13084079icb.256.1293500767975;
>         Mon, 27 Dec 2010 17:46:07 -0800 (PST)
> Return-Path: <[email protected]>
> Received: from psmtp.com ([74.125.149.125])
>         by mx.google.com with SMTP id c4si32662907ict.89.2010.12.27.17.46.06;
>         Mon, 27 Dec 2010 17:46:06 -0800 (PST)
> Received-SPF: pass (google.com: domain of
>         [email protected] designates 64.151.119.54
>         as permitted sender) client-ip=64.151.119.54;
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of
>         [email protected] designates 64.151.119.54
>         as permitted sender)
>         [email protected]; dkim=pass
>         [email protected]
> Received: from source ([64.151.119.54]) by na3sys009amx241.postini.com
>         ([74.125.148.10]) with SMTP;
>         Mon, 27 Dec 2010 17:46:06 PST
> DKIM-Signature: v=1; a=rsa-sha1;
>         d=socketlabs-od.com;[email protected];s=key2301;
>         c=relaxed/relaxed; q=dns/txt; t=1293500765; x=1296092765;
>         h=content-type:mime-version:content-transfer-encoding:subject:from:to:date:message-id;
>         bh=/ytloLh9E/pljA6x1HqEaq7CPl0=;
>         b=BeMci02UMQBSsBhVOLUCeZBO76RKdbK3LLPu3VYXV86vXCB7TVYsTe0tyci6MTbFFi7wMrGQxcdU2fdW8jp2bA1o6hwHx4m7zIOkSXqi2r8AOkLs8kLPLs6mXh4PPv+BQ+1yhANUCs+WiaDAHeuHD6EXGS1vinzWxnHfULldDko=
> X-Thread-Info: OGZkLjEyLmFjMDAwMDAwNjI5NTRkLmxhcnJ5PWxhcnJ5c2VsdHplci5jb20=
> Received: from mradm02.mozilla.org ([63.245.208.139]) by mail30.email-od.com
>         with ESMTP; Mon, 27 Dec 2010 20:22:47 -0500
> Content-Type: text/plain; charset="utf-8"
> MIME-Version: 1.0
> Content-Transfer-Encoding: quoted-printable
> Subject: Important notice about your addons.mozilla.org account
> From: Mozilla Add-ons <[email protected]>
> To: [email protected]
> Date: Tue, 28 Dec 2010 01:22:49 -0000
> Message-ID: <[email protected]>
> X-pstn-neptune: 0/0/0.00/0
> X-pstn-levels: (S:30.60055/99.90000 CV:99.9000 FC:95.5390 LC:95.5390
>         R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
> X-pstn-settings: 2 (0.5000:0.5000) s cv gt3 gt2 gt1
> X-pstn-addresses: from <[email protected]> [2067/81]
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
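Larry's observation that the message "checks out for DKIM but for domain socketlabs-od.com, not the mozilla.org From: address" is the alignment question: an SPF or DKIM pass vouches only for the identity that was checked (the envelope sender and the d= signing domain), and neither of those has to be the domain a reader sees in From:. The script below is an added example, not part of the original post and not Mozilla's, SocketLabs' or Postini's code. It parses an Authentication-Results header (RFC 5451 format) and a DKIM-Signature, then reports whether either authenticated identity aligns with the From: domain, which is the relationship DMARC (RFC 7489) later standardised. The sample headers are constructed from the ones quoted above: the domains, selector, client IP and timestamps are the ones on the page, while the local parts (bounce@, amo-notices@, user@example.com) and the elided signature value are placeholders. A second constructed variant, signed under mozilla.org, shows what an aligned pass looks like.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post. Domains,
# selector, client IP and timestamps are the ones visible there; local parts
# and the signature value (b=ELIDED) are placeholders.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@socketlabs-od.com>
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 bounce@socketlabs-od.com designates 64.151.119.54 as permitted sender)
 smtp.mail=bounce@socketlabs-od.com; dkim=pass header.i=@socketlabs-od.com
DKIM-Signature: v=1; a=rsa-sha1; d=socketlabs-od.com; i=@socketlabs-od.com;
 s=key2301; c=relaxed/relaxed; q=dns/txt; t=1293500765; x=1296092765;
 h=content-type:mime-version:subject:from:to:date:message-id;
 bh=/ytloLh9E/pljA6x1HqEaq7CPl0=; b=ELIDED
Received: from mradm02.mozilla.org ([63.245.208.139]) by mail30.email-od.com
 with ESMTP; Mon, 27 Dec 2010 20:22:47 -0500
From: Mozilla Add-ons <amo-notices@mozilla.org>
To: user@example.com
Subject: Important notice about your addons.mozilla.org account
Date: Tue, 28 Dec 2010 01:22:49 -0000

Dear addons.mozilla.org user,
"""
# Same message but signed under the From: domain (constructed aligned case).
ALIGNED_SAMPLE = SAMPLE_MESSAGE.replace("d=socketlabs-od.com", "d=mozilla.org")


def org_domain(domain):
    """Organisational domain for relaxed alignment. Simplification: the last
    two labels; a production check would consult the Public Suffix List."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_authentication_results(value):
    """Parse Authentication-Results into (authserv-id, {method: props}).
    Parenthesised comments like '(google.com: domain of ...)' are dropped;
    each resinfo is 'method=result prop=value ...' separated by ';'."""
    value = re.sub(r"\([^()]*\)", "", value)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0] if parts and parts[0] else ""
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue  # 'none' or a malformed entry
        method, _, result = tokens[0].partition("=")
        props = {"result": result.lower()}
        for tok in tokens[1:]:
            if "=" in tok:
                key, _, val = tok.partition("=")
                props[key] = val
        results[method.lower()] = props
    return authserv_id, results


def dkim_tags(value):
    """Split a DKIM-Signature tag list (d=, s=, i=, h=, ...) into a dict."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, _, val = item.strip().partition("=")
            tags[key.strip()] = val.strip()
    return tags


def alignment_report(raw_message):
    """Compare the identities SPF and DKIM actually authenticated with the
    domain shown in From:. A bare 'pass' says nothing about From:."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    authserv, auth = parse_authentication_results(msg.get("Authentication-Results", ""))
    spf = auth.get("spf", {})
    spf_domain = spf.get("smtp.mail", "").rpartition("@")[2].lower()
    dkim_domain = dkim_tags(msg.get("DKIM-Signature", "")).get("d", "").lower()
    return {
        "authserv_id": authserv,
        "from_domain": from_domain,
        "spf_result": spf.get("result", "none"),
        "spf_domain": spf_domain,
        "spf_aligned": bool(spf_domain) and org_domain(spf_domain) == org_domain(from_domain),
        "dkim_result": auth.get("dkim", {}).get("result", "none"),
        "dkim_domain": dkim_domain,
        "dkim_aligned": bool(dkim_domain) and org_domain(dkim_domain) == org_domain(from_domain),
    }


def verdict(report):
    """'aligned': a pass for the From: domain; 'passed-unaligned': a pass, but
    only for a third party (the situation in the post); else 'failed'."""
    passed = [m for m in ("spf", "dkim") if report[m + "_result"] == "pass"]
    if any(report[m + "_aligned"] for m in passed):
        return "aligned"
    return "passed-unaligned" if passed else "failed"


if __name__ == "__main__":
    for label, raw in (("as received", SAMPLE_MESSAGE), ("signed by mozilla.org", ALIGNED_SAMPLE)):
        rep = alignment_report(raw)
        print(label, verdict(rep), rep["from_domain"], rep["spf_domain"], rep["dkim_domain"])
```

Run against the constructed copy of the headers above, the report comes back "passed-unaligned": SPF and DKIM both pass, but the only identity either of them proved is socketlabs-od.com, the bulk-mail provider, so the headers alone cannot distinguish a genuine Mozilla notice sent through a third party from a phish sent through the same kind of provider. That is exactly the gap Larry's "I think it must be legit, but it's clumsy" is pointing at; the sensible next step is the one the notice itself recommends, going to addons.mozilla.org directly rather than following anything in the mail.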
