Firefox Sync Hacked Since Recent MySpace Password Reuse Hack

Discussion of features in Mozilla Firefox
Locked
justgold79
Posts: 26
Joined: December 11th, 2004, 5:28 pm

Firefox Sync Hacked Since Recent MySpace Password Reuse Hack

Post by justgold79 »

Recently my github account was hacked, after the recent myspace login leak where the hacker is selling 427 million passwords for six bitcoins. I would surmise that this was why I saw a new login to my firefox account (I do not use IE7)! I am a myspace user since 2005.

I am not a regular user of firefox sync, which is why I used my weak forum-class password on this account. No important data or passwords were leaked. Just wanted to give everyone a heads up. If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.

Like most people, I use the same password on many web accounts, however in light of this hack, I will not be doing so in the future. The great thing about openid support is that you only need to reset one password.

This recent hack raises the specter of the need for 2fa and openid support for all web services.
Firefox Accounts <accounts@firefox.com>
New sign-in to Firefox

IE 7
2016-06-22 18:40 UTC
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson
User avatar
DanRaisch
Moderator
Posts: 127186
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by DanRaisch »

Does really have anything to do with Firefox?
User avatar
the-edmeister
Posts: 32249
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by the-edmeister »

2f is being developed for FxA = Firefox Accounts - which is what Mozilla uses for Sync logins.
https://support.mozilla.org/en-US/kb/ac ... x-accounts
The Bug reports related to 2 factor are locked to only developer access until the scheme hits Release. There's no way to follow the progress or see how close the project is to completion. But I believe I saw mention from a Sync developer that Firefox 50 might be the current goal for Release. But knowing that Mozilla usually doesn't meet their initial goals, it will probably be later that that.


.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by James »

justgold79 wrote:If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.
Note *.mozillaZine.org is not a part of nor run by Mozilla.org as it is independent. There is no mozilla.org links on top/bottom like a typical Mozilla.site and Mozilla has their own support site at support.mozilla.org
justgold79
Posts: 26
Joined: December 11th, 2004, 5:28 pm

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by justgold79 »

DanRaisch wrote:Does really have anything to do with Firefox?
Just a reminder to reset your passwords and not use the same password everywhere.
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson
User avatar
DanRaisch
Moderator
Posts: 127186
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by DanRaisch »

OK, always good advice.
justgold79
Posts: 26
Joined: December 11th, 2004, 5:28 pm

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by justgold79 »

James wrote:
justgold79 wrote:If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.
Note *.mozillaZine.org is not a part of nor run by Mozilla.org as it is independent. There is no mozilla.org links on top/bottom like a typical Mozilla.site and Mozilla has their own support site at support.mozilla.org
I'm just trying to give out a heads up, although now it's too late, all passwords and bookmarks have surely been stolen. Thankfully mine were only forum passwords =D>
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson
User avatar
DanRaisch
Moderator
Posts: 127186
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Firefox Sync Hacked Since Recent MySpace Password Reuse

Post by DanRaisch »

Locking due to the age of previous posts.
Locked