Hi

To clarify, you have 7000 other credentials listed in about:logins and you do not recognise the usernames or the sites as being places where you have accounts?

Yes, correct

Could you or someone with access to your user credentials have signed into Firefox Sync on a different devices where there were already saved login information?

I just wrote a long reply but when I went to send the site apparently shut me out. Short story is after the update all my bookmarks were gone. I managed to recover them but then the password manager had 7877 names and PWs that weren't mine. I had tried syncing with a loptop and partially recovered my bookmarks before getting them all back but that laptop is mine and has never been used by anyone else. I do not share credentials with anyone, not even my wife. I don't know what the issue is but these names and PWs are mostly current. Mozilla appears to have a compromise issue but there is no number or direct contact to them (security maybe?) I have seen on the site so I ended posting my issue here. Any advice? I'm afraid my own info is now compromised as well!

What steps did you take to recover your lost bookmarks?

• https://support.mozilla.org/en-US/kb/recover-lost-or-missing-bookmarks

Sounds like you may have imported a CSV password backup.

• https://support.mozilla.org/en-US/kb/import-login-data-file

1. I restarted the computer several times (full shutdown, not just "restart"). No joy. 2. I tried a recovery to a previous date - although a good number of dates were offered, every time I'd click on one I'd get a "not found" or "can't open this file". 3. I synced to a laptop I own and got a partial (older, dated) bookmark file. Something, but not really there. 4. Then I noticed on hitting the bookmark dropdown that a line appeared about "if you have a problem with bookmarks . . ." I don't recall the exact procedure but I believe it had to do with going into "config". This worked - my full bookmarks from the previous day were all there. Then, on going to a login required site I saw that the auto fill feature offered my MANY login username/password options including my own. This was odd and new. I've spent about two weeks trying to resolve before posting to this site.

sheirich01, the Sync data is end to end encrypted, meaning that Mozilla will be storing only encrypted copies of people's logins on their servers, meaning that this is very unlikely to have been due to a compromise at Mozilla's end.

It is more likely, as has been suggested, that you logged into Sync on a device that was already using a pre-existing local profile that contained these logins. resulting in these locally stored passwords getting merged with your own Sync data.

Have you logged into Sync on a device that was previously used by someone else? (whether it was their device in the first place, or perhaps you let someone else log into their own Sync on one of your devices aside from the laptop?)

TechHorse, your thoughts make sense but I know that I have never logged into someone else's device nor shared a device with anyone. My laptop was bought brand new from the manufacturer as was my desktop - the only devices I have ever synced. Neither ever left my home nor had anyone besides me used them.

I agree that it seems as if another password profile was merged with my own but I have no idea how that could happen. I only know this showed up on the date of the last Mozilla Firefox update after I recovered my bookmarks file.

Regardless of how that happened I have access to Thousands of other user's name/password combos and I certainly didn't try to do that in any way whatsoever. I've done what I can to alert Mozilla to this.

My intention now is to move my bookmarks over to Edge or Chrome and delete all passwords on Firefox as well as closing down all Mozilla accounts and be done with it.

Thanks to all who responded! Cheers

sheirich01, just a further thought. Do you use any add-ons, especially ones that deal with passwords? But I understand if you are finished with this matter.

All answers point to user error. Are the 'powers that be' looking into the possibility that information provided by user is complete & correct? That it is some sort of glitch /. hack / security flaw Is this being addressed by Mozilla / Firefox? It is pretty concerning.

Please see https://www.mozilla.org/security/ for contact details.

There's a section called "Contacting Mozilla" — "If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to…" etc. to follow.

nkd az, this is the community support forum and so there are no guarantees that the powers that be will become aware of anything that is posted here.

Genuine bugs need to be reported at Bugzilla to be certain that the right people see them.

That said, it is always worth exhausting other possibilities first (such as user actions, use of add-ons etc.) before elevating a matter to Bugzilla.

If say Sync has glitched and sent some user's logins to others, then this would represent a major issue. Not least of all because Mozilla shouldn't even be storing what would essentially be plaintext copies of people's logins on their servers in the first place. That would not be end-to-end encryption.

So before moving to Bugzilla / the most problematic explanations, it is worth exploring the less serious possibilities first. Which I do not believe has been completed here, although I understand if the author has finished with the subject.