The free software community and creators of the popular web browser Firefox has confirmed the exposure of thousands of Mozilla developers’ email addresses, including some encrypted passwords.
Mozilla’s Director of Developer Relations Stormy Peters reported late last week that the massive disclosure was due to a database malfunction:
“The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Database Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible servers”
Peters stated the database dump file was removed from the server immediately after Mozilla became aware of the issue. Although Mozilla claims they have yet to detect malicious activity on the server, Mozilla recognizes “we cannot be sure there wasn’t any such access.”
Developers affected by the leak have been notified, and as always, Mozilla recommends changing passwords.
“We’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again,” said Peters.
However, this is not the first time Mozilla accidentally reveals sensitive information. Back in 2010, a database containing user IDs and password hashes was mistakenly made public, exposing more than 44,000 of its users.
Read More Here…