Mozilla continues to remain in the spotlight for all the wrong reasons after it admitted a serious “disclosure” of developer details, including their passwords (albeit encrypted).
It comes shortly after the Firefox creator appointed interim CEO Chris Beard as its permanent chief executive officer, succeeding former CEO Brendan Eich, who resigned in April.
Mozilla warned its members of the problem in a blog posting last Friday and announced that there had been a disclosure associated with its Mozilla Developer Network.
“As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure. While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.”
The good news for Mozilla developers is that their salted hashed passwords were at least encrypted, and could only be used by hackers if they were authenticated with the MDN website last week, as all developers have to reset their passwords.
That of course doesn’t mean that the breach will not cause problems, especially if like many people, the Mozilla developers used the same passwords for other accounts.
“Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems,” wrote Peters. “We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.”
Mozilla said it was examining its current processes to reduce the likelihood of something like this happening again.
We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you,” she said.
But some developers are not happy, especially as their email addresses have escaped into the wild. “I Googled my email and found it on a email data list website, I’ll have spam for life,” wrote a user called Kiomi.
“I was wondering why spam started to pour in my gmail account. Found the reason. This is pretty sad,” wrote lordfuoco.
Other complained that Mozilla had not provided enough details of the breach, as some developers were unsure of which of their passwords have been affected. But on the whole, most developers were understanding, and thanked Mozilla for its prompt and open response.
Last week, Paddy Power admitted it was having to contact 649,055 of its customers, after the online betting firm discovered in May that unbeknown to it, its customer database had been compromised – way back in 2010.
Are you a Firefox enthusiast? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…