|Last 7 Days News :
Sunday, August 03, 2014
Passwords Of Mozilla's Developers Exposed
Mozilla said that a possible malicious activity on one of its servers disclosed email addresses of about
76,000 Mozilla Developer Network (MDN) users and encrypted
passwords of about 4,000 users.
Mozilla said the issue came to light ten days ago when one of its
web developers discovered that, starting on about June 23, for a
period of 30 days, a data sanitization process of the Mozilla
Developer Network (MDN) site database had been failing, resulting
in the disclosure of MDN email addresses of about 76,000 users and
encrypted passwords of about 4,000 users on a publicly accessible
server. The database dump file was quickly removed from the server
and the process that generates the dump was disabled to prevent
further disclosure. However, Mozilla cannot be sure whether there
was any malicious activity on that server.
"We are known for our commitment to privacy and security, and we
are deeply sorry for any inconvenience or concern this incident
may cause you," said Stormy Peters, Director of Developer
Relations at Mozilla.
The encrypted passwords were salted hashes and they by themselves
cannot be used to authenticate with the MDN website today. Still,
it is possible that some MDN users could have reused their
original MDN passwords on other non-Mozilla websites or
authentication systems. Mozilla has sent notices to the users who
were affected. For those that had both email and encrypted
passwords disclosed, Mozilla recommended that they change any
similar passwords they may be using.