Email: "Important notice about your addons.mozilla.org acc..
-
- Posts: 164
- Joined: October 25th, 2006, 1:10 am
Email: "Important notice about your addons.mozilla.org acc..
Is this some kind of tricky chit, or legit?
The sender:
nobody at mozilla.org
The subject/title:
Important notice about your addons.mozilla.org account
The contents:
Dear addons.mozilla.org user,
The purpose of this email is to notify you about a possible disclosure
of your information which occurred on December 17th. On this date, we
were informed by a 3rd party who discovered a file with individual user
records on a public portion of one of our servers. We immediately took
the file off the server and investigated all downloads. We have
identified all the downloads and with the exception of the 3rd party,
who reported this issue, the file has been download by only Mozilla
staff. This file was placed on this server by mistake and was a partial
representation of the users database from addons.mozilla.org. The file
included email addresses, first and last names, and an md5 hash
representation of your password. The reason we are disclosing this event
is because we have removed your existing password from the addons site
and are asking you to reset it by going back to the addons site and
clicking forgot password. We are also asking you to change your password on other sites in which you use the same password. Since we have effectively erased your password, you don't need to do anything if you do not want to use your account. It is disabled until you perform the password recovery.
We have identified the process which allowed this file to be posted
publicly and have taken steps to prevent this in the future. We are also
evaluating other processes to ensure your information is safe and secure.
Should you have any questions, please feel free to contact the
infrastructure security team directly at infrasec at mozilla.com. If you
are having issues resetting your account, please contact
amo-admins at mozilla.org.
We apologize for any inconvenience this has caused.
Chris Lyon
Director of Infrastructure Security
The sender:
nobody at mozilla.org
The subject/title:
Important notice about your addons.mozilla.org account
The contents:
Dear addons.mozilla.org user,
The purpose of this email is to notify you about a possible disclosure
of your information which occurred on December 17th. On this date, we
were informed by a 3rd party who discovered a file with individual user
records on a public portion of one of our servers. We immediately took
the file off the server and investigated all downloads. We have
identified all the downloads and with the exception of the 3rd party,
who reported this issue, the file has been download by only Mozilla
staff. This file was placed on this server by mistake and was a partial
representation of the users database from addons.mozilla.org. The file
included email addresses, first and last names, and an md5 hash
representation of your password. The reason we are disclosing this event
is because we have removed your existing password from the addons site
and are asking you to reset it by going back to the addons site and
clicking forgot password. We are also asking you to change your password on other sites in which you use the same password. Since we have effectively erased your password, you don't need to do anything if you do not want to use your account. It is disabled until you perform the password recovery.
We have identified the process which allowed this file to be posted
publicly and have taken steps to prevent this in the future. We are also
evaluating other processes to ensure your information is safe and secure.
Should you have any questions, please feel free to contact the
infrastructure security team directly at infrasec at mozilla.com. If you
are having issues resetting your account, please contact
amo-admins at mozilla.org.
We apologize for any inconvenience this has caused.
Chris Lyon
Director of Infrastructure Security
-
- Guest
Re: Anyone else get this email from Mozilla?
I got the same thing... also not clear about its authenticity.
-
- Posts: 103
- Joined: November 22nd, 2004, 6:00 pm
Re: Anyone else get this email from Mozilla?
I got it too, I smell something fishy about the whole thing. Do you need a password to use the addons website anyway??? Maybe to review or comment about a particular addon?
Thunderbird 3.0
- the-edmeister
- Posts: 32249
- Joined: February 25th, 2003, 12:51 am
- Location: Chicago, IL, USA
Re: Anyone else get this email from Mozilla?
Should you have any questions, please feel free to contact the
infrastructure security team directly at infrasec at mozilla.com. If you
are having issues resetting your account, please contact
amo-admins at mozilla.org.
Did you start a dialog via those email addy's?
.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
-
- Guest
Re: Anyone else get this email from Mozilla?
I also got this email. Can't find any info about it. What does it mean to us? Is it phishing?
-
- Posts: 103
- Joined: November 22nd, 2004, 6:00 pm
Re: Anyone else get this email from Mozilla?
I didn't want to even touch that email with a 10' pole. (-:
Thunderbird 3.0
- malliz
- Folder@Home
- Posts: 43796
- Joined: December 7th, 2002, 4:34 am
- Location: Australia
Re: Anyone else get this email from Mozilla?
Ever thought about asking on Sumo?
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"
"Terry Pratchett"
-
- Posts: 103
- Joined: November 22nd, 2004, 6:00 pm
Re: Anyone else get this email from Mozilla?
If I knew what sumo is besides a sport maybe...
Thunderbird 3.0
-
- Posts: 8829
- Joined: May 7th, 2006, 10:29 pm
- Location: California
Re: Anyone else get this email from Mozilla?
clouserw on IRC says the following:
[21:52] <clouserw> KWierso: it's legitimate
the security team is writing a blog post that will be published shortly
where you can ask more questions if you'd like
[21:52] <clouserw> KWierso: it's legitimate
the security team is writing a blog post that will be published shortly
where you can ask more questions if you'd like
-
- Guest
Re: Anyone else get this email from Mozilla?
cyrix007 wrote:Is this some kind of tricky chit, or legit?
Yeah, it's a tricky chit to find out your Email address. Cunning devils.
They even more cunningly expect you to find the Addons site yourself, rather than providing a phishing fake link to one. The nerve of these people!
bobch wrote:Do you need a password to use the addons website anyway???
Er, yes, if you want to leave a 'review'.
-
- Guest
Re: Anyone else get this email from Mozilla?
Guest wrote:cyrix007 wrote:Is this some kind of tricky chit, or legit?
Yeah, it's a tricky chit to find out your Email address. Cunning devils.. .
No, just kidding, it's legit.
-
- Posts: 8829
- Joined: May 7th, 2006, 10:29 pm
- Location: California
- James
- Moderator
- Posts: 28007
- Joined: June 18th, 2003, 3:07 pm
- Location: Made in Canada
Re: Anyone else get this email from Mozilla?
bobch wrote:If I knew what sumo is besides a sport maybe...
support.mozilla.com
However I think https://forums.mozilla.org/addons/ would be more applicable.
- FatJohn
- Posts: 3165
- Joined: October 19th, 2007, 10:19 am
Re: Anyone else get this email from Mozilla?
For somebody wondering why this question is here, read E-mail spoofing.
I think the giveaway in this post was the return address, which also pointed back to Mozilla. Of course, one can never be sure and so this thread was started.
I think the giveaway in this post was the return address, which also pointed back to Mozilla. Of course, one can never be sure and so this thread was started.
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: Anyone else get this email from Mozilla?
KWierso wrote:http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
(Also placed a working link. http://blog.mozilla.com/security/2010/1 ... isclosure/ )
Thanks for posting this KWierso. Looks like it isn't a big deal. Retitled and made into a 5 day sticky.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."