Mozilla Posts File Containing Registered User Data 154
wiredmikey writes "Mozilla yesterday sent an email to registered users of its addons.mozilla.org site, letting them know that it had mistakenly posted a file to a publicly available Web server which contained data from its user database including email addresses, first and last names, and an md5 hash representation of user passwords."
Kudos to Mozilla (Score:5, Interesting)
This is really well played by Mozilla. We are witnessing a prime example of crisis-communication. The basic rules are:
- Communicate early (even if you don't have all the facts yet)
- Communicate honestly (even if you're to blame)
- Promise follow-up (as needed)
Performing their crisis-communication this well will probably improve public perception of Mozilla. It will certainly raise the bar for other companies.
Re:Mozilla's public disclosure (Score:5, Interesting)
if they have the bad habit of using the same password everywhere
What alternative do you propose? I must have accounts on 100 different websites by now, including this one. I can't create and remember 100 distinct strong username/password combinations on all of those websites. Unless you're an autistic savant you can't either.
Passwords are false security - they are a way to CYA and blame the victim for causing the problem, while giving them no realistic solution. Sites that depend on their users choosing unique passwords for security are simply insecure, period.