Mozilla Data Leak Affects 76,000E-Mail Addresses, Encrypted Passwords Exposed
Members of the Mozilla Developer Network, the software company's online development community, are being alerted about an accidental disclosure of e-mail addresses and encrypted passwords. Mozilla is best known for its Firefox web browser.
The company learned that a "data sanitization" process the Mozilla Developer Network was undergoing had been failing for a period of 30 days, starting around June 23, which resulted in the exposure of e-mail addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server, Mozilla says.
While it's unclear what geographic locations were affected by the disclosure, the Mozilla Developer Network has contributors from 31 countries, according to the network's website.
"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," Mozilla says in an Aug. 1 blog. "While we have not been able to detect malicious activity on that server, we cannot be sure there wasn't any such access."
The encrypted passwords were salted, Mozilla says. "Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems," the company says. "We've sent notices to the users who were affected."
Mozilla did not immediately respond to a request for additional information.