Menu
Mozilla warns of leaky developer network database

Mozilla warns of leaky developer network database

Email addresses of 76,000 were exposed along with 4,000 encrypted and salted passwords

Mozilla's website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday.

Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations, and Joe Stevensen, operations security manager in a blog post. Mozilla is notifying those affected.

No malicious activity on the affected server was detected, but that does not mean the data wasn't accessed, they wrote.

A Web developer discovered around 10 days ago that a data sanitization process on the database running the MDN wasn't working. The leak started around June 23 and continued for a month.

"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," they wrote.

The exposed passwords were encrypted and "salted," a security measure that makes it difficult to revert them to their original form. Even if the passwords were decrypted, "they by themselves cannot be used to authenticate with the MDN website today," according to the post.

Since some people may used the same MDN password on other websites, it's recommended the password be changed.

Mozilla said it was "deeply sorry" for the error.

"In addition to notifying users and recommending short term fixes, we're also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again," according to the post.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitydata breachmozilla

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments