Thousands of Mozilla developers’ personal information, including email addresses and encoded passwords, was inadvertently exposed due to database malfunction. Mozilla officials raised the alarm on this issue on Friday, voicing their worry that cyberspace attackers could have possibly accessed this data.
The exposure incident began on June 23, leaving approximately 76,000 email addresses and 4,000 encoded passwords exposed to the public for about a month yet there is no absolute proof that the data was accessed, according to a blog post. Firefox officials investigating the incident haven’t entirely ruled out the likelihood. In a worst-case scenario where cyber criminals manage to decrypt the secure passwords, they won’t be able to use these passwords gain direct access to the Mozilla Developer Network accounts. However, if those passwords are used for other accounts, those could be potentially threatened. The root cause of this information leak was a breach in the data “sanitization” process, which unintentionally sent the email addresses and decrypted passwords to a publicly viewable server.
Joe Stevensen, the Security Operations Manager and Stormy Peters, the Director of Developer Relations, professed their regret about the incident, saying:
“Despite the encoded passwords being salted hashes which in themselves can’t be utilized for authenticating the MDN website today, there is a risk that some MDN users might have reused their original MDN passwords on other non-Mozilla platforms or authentication systems. We have sent notifications to the affected users. For users whose email and hashed passwords were exposed, we strongly suggested changing any identical passwords being used anywhere else.”
As well as alerting impacted users and suggesting immediate actions, Mozilla is reassessing its current processes and protocols with the goal to enhance them to reduce the occurrence of such disruptions in the future.
For additional queries, email security@mozilla.org.
source: Dan Goodin /arstechnica
Updated in 2025 to align with recent developments.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
