August 5, 2014
Mozilla Error Discloses Thousands Of Developers’ Email Addresses And Passwords
John Hopton for redOrbit.com - Your Universe Online
Thousands of email addresses and encrypted password details were accidentally made available for public access by Mozilla, following a month long failure in the "data sanitization process" on the Mozilla Developer Network (MDN) site database.
A blog post from Mozilla on August 1st revealed that the email addresses of around 76,000 users of the network, along with around 4,000 password hashes, had leaked onto a publicly accessible server. Mozilla said that as soon as the problem was discovered, "the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure."
The extent of possible damage was unclear, as potential victims were told that although no malicious activity had been detected on the server, Mozilla "cannot be sure there wasn't any such access." While any potential hackers who were able to crack the hashes which obscure passwords would not be able to use the details to gain any kind of access on the Mozilla Developer Network, they could be in a position to use them in other locations around the web where the same security information has been used.
Users who were affected were informed, and, in the case of those who had both email address and encrypted passwords exposed, advised that they should change any similar passwords. Beyond those short term measures, Mozilla told its users that they were "also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again."
Apologizing for the misstep in data sanitization, which ironically is meant to protect users' privacy, Stormy Peters, Director of Developer Relations, wrote that "We are known for our commitment to privacy and security."
As The Telegraph points out in its reporting on the story, Mozilla made a statement of their commitment to privacy last year when they asked a British surveillance software company to cease using their browser as a front for governments to surreptitiously collect data from citizens. Conversely, in March 2010 the German government advised people to choose a different browser, after a Firefox security loophole was discovered that could allow computers to be infected with malware.
Mozilla's progress has faltered in recent months as Google Chrome is reported to have replaced Firefox as the second most popular browser on the market. The margin of 20.4 percent to 15.1 percent was roughly the same in reverse a year ago, in Firefox's favor. Those figures come from Net Applications, while alternative figures come from the analysts Statcounter, who say that Firefox has a 19.2 percent share of the market. Either way, Mozilla's browser is behind Chrome and Internet Explorer, and the community could do without having to admit to any more incidents of the kind that they this week stated they were "deeply sorry" for.