Passwords merged from multiple profiles
When I logged into my Firefox account on a computer given to me by my employer, I acquired all the login info from all the other Firefox profiles on the computer, including bank details and a porn account. What's up with that?
I deleted all those old profiles and purged the extraneous passwords from my password list but did my passwords go online and mix with all those other people's passwords? And could someone repairing my computer open up their Firefox account and capture all of my passwords in the same manner?
Curious to know...
All Replies (4)
This would only happen if you connect all your devices to the same Firefox Sync account. There is no master for Sync and data from all connected devices is uploaded to the Sync server and merged to the other devices, so eventually all devices will end up with the same data. If you do not want this to happen then you need to use separate Sync accounts or only sync data that you want to appear on other devices. You will have to clean this up manually or choose to remove synced data when you disconnect a device. Do not remove data when you are connected to Sync as that will remove this data on the other devices.
Thanks for your reply. Then Sync is a pretty big security risk as anybody could set their Firefox account to sync and grab all the passwords, either while working on a computer or using a shared computer.
I have no idea what my sync settings are or were as the control is not clear to me, and I was never able to understand what exactly I was syncing. Right now, my sync setting says "sign in to reconnect." Hopefully, the problem won't happen again. I don't think I ever what to reconnect to sync. And I'll be sure to delete my Firefox profile off my work computer and use a different browser.
Seems like a pretty poor feature.
Fundamentally, Firefox is a local application and data is stored purely locally. It sounds like someone failed to clean up after themselves on that work PC.
When you sign into a Firefox Account, then Sync can share/merge the locally stored data with your other Firefox installations (you can manage which categories of data sync, see How do I choose what information to sync on Firefox?).
No one else is connected to your Firefox Account or receiving data through Sync, but of course, to avoid your data being stored locally and available to the next person on a shared PC, you should either do what you did (remove all personal data) or just avoid signing into your Firefox Account on a system you do not control.
You can check on the Firefox Account Settings page what devices are connected, just to be sure.