MozillaZine

Firefox Sync Hacked Since Recent MySpace Password Reuse Hack

Discussion of features in Mozilla Firefox
justgold79
 
Posts: 25
Joined: December 11th, 2004, 5:28 pm

Post Posted June 24th, 2016, 11:11 am

Recently my github account was hacked, after the recent myspace login leak where the hacker is selling 427 million passwords for six bitcoins. I would surmise that this was why I saw a new login to my firefox account (I do not use IE7)! I am a myspace user since 2005.

I am not a regular user of firefox sync, which is why I used my weak forum-class password on this account. No important data or passwords were leaked. Just wanted to give everyone a heads up. If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.

Like most people, I use the same password on many web accounts, however in light of this hack, I will not be doing so in the future. The great thing about openid support is that you only need to reset one password.

This recent hack raises the specter of the need for 2fa and openid support for all web services.

Firefox Accounts <accounts@firefox.com>
New sign-in to Firefox

IE 7
2016-06-22 18:40 UTC
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson

DanRaisch
Moderator

User avatar
 
Posts: 115810
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted June 24th, 2016, 11:34 am

Does really have anything to do with Firefox?

the-edmeister

User avatar
 
Posts: 31787
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Post Posted June 24th, 2016, 1:24 pm

2f is being developed for FxA = Firefox Accounts - which is what Mozilla uses for Sync logins.
https://support.mozilla.org/en-US/kb/ac ... x-accounts
The Bug reports related to 2 factor are locked to only developer access until the scheme hits Release. There's no way to follow the progress or see how close the project is to completion. But I believe I saw mention from a Sync developer that Firefox 50 might be the current goal for Release. But knowing that Mozilla usually doesn't meet their initial goals, it will probably be later that that.


.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.

James
Moderator

User avatar
 
Posts: 26723
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted June 24th, 2016, 1:46 pm

justgold79 wrote:If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.

Note *.mozillaZine.org is not a part of nor run by Mozilla.org as it is independent. There is no mozilla.org links on top/bottom like a typical Mozilla.site and Mozilla has their own support site at support.mozilla.org

justgold79
 
Posts: 25
Joined: December 11th, 2004, 5:28 pm

Post Posted June 28th, 2016, 7:30 am

DanRaisch wrote:Does really have anything to do with Firefox?


Just a reminder to reset your passwords and not use the same password everywhere.
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson

DanRaisch
Moderator

User avatar
 
Posts: 115810
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted June 28th, 2016, 4:25 pm

OK, always good advice.

justgold79
 
Posts: 25
Joined: December 11th, 2004, 5:28 pm

Post Posted April 5th, 2017, 4:18 am

James wrote:
justgold79 wrote:If you have access to this leaked list then the password of only those users would need a reset. Or perhaps reset ALL passwords. I don't think the list is available publicly, and I don't have a copy of it.

Note *.mozillaZine.org is not a part of nor run by Mozilla.org as it is independent. There is no mozilla.org links on top/bottom like a typical Mozilla.site and Mozilla has their own support site at support.mozilla.org


I'm just trying to give out a heads up, although now it's too late, all passwords and bookmarks have surely been stolen. Thankfully mine were only forum passwords =D>
"My friends, the word 'unblowuppable' is thrown around a lot these days." Homer J. Simpson

DanRaisch
Moderator

User avatar
 
Posts: 115810
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted April 5th, 2017, 5:02 am

Locking due to the age of previous posts.

Return to Firefox Features


Who is online

Users browsing this forum: No registered users and 2 guests