Mozilla Admits It Leaked Over 70,000 Developer Email Addresses
Mozilla co-ordinates the development of a number of open-source software projects and technologies on the web through its global initiative called the Mozilla Developer Network (MDN). The company works hard to maintain the privacy and security of its MDN platform, however, it recently admitted that it leaked 76,000 user email addresses from its Mozilla Developer Network.
Mozilla was carrying out a “data sanitization process” on MDN site but it began failing on June 23rd and carried on for a month unnoticed. The email addresses were leaked during this period of time. In addition to the email addresses, encrypted passwords of about 4,000 users were also disclosed on a publicly accessible server.
Mozilla shut down the dump process and also deleted the database dump file to prevent further leakage as soon as they learned about the problem. Mozilla admits that they have not been able to detect any malicious activity on the server but they can’t guarantee that the data wasn’t accessed in the past.
Although the passwords leaked were stored as salty hashes meaning it is very difficult to decrypt them, the company advisable to change them to be on a safe side. They sent notices to the people affected as soon as they got to know the problem. This announcement and notifications were welcomed by the affected users as they praised the fact that they informed them about the breach as early as it was possible.
“Of course such a breach isn’t something that’s supposed to happen, but I really want to say that you did the right thing by informing everybody as quickly as possible,” wrote a user who received notification about the leak.
Affected users are asking Mozilla to disclose further details about the leakage. They want to know whether only their email addresses have been disclosed or all of their information has been leaked.
Mozilla takes pride in offering better privacy and security to its users, and this news has dealt a blow. In addition to short fixes, Mozilla is working on a long-term solution to avoid such mishaps from happening in future.
“We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you,” wrote Stormy Peters at Mozilla Security Blog.