Printed from http://www.electronista.com

Mozilla warns of accidental disclosure of developer network database

updated 07:33 pm EDT, Wed August 6, 2014

About 76,000 email addresses, 4,000 encrypted passwords were publicly accessible

At the beginning of the month, Mozilla issued a release on its security blog that there had been an investigation into accidental disclosure of its database for the Mozilla Developer Network (MDN). The company discovered a problem after a web developer found out that the data sanitization process it runs on the MDN database had been failing. The result was that 76,000 email addresses of account holders, as well as the "passwords of about 4,000 users" were able to be accessed publicly.

Mozilla says that as soon as the discovery was made, the dump file for the database was removed. It's possible, however, that the damage could have already been done. The issue with the database sanitation first started on June 23, but it ended up going on for 30 days. While Mozilla couldn't find any proof of malicious activity on the server in question, it cannot say with certainty that nefarious parties didn't access the data.

"We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," said Director of Developer Relations Stormy Peters, and Operations Security Manager Joe Stevensen, in the joint statement.

According to Mozilla, the encrypted passwords that any party could find were salted hashes that could no longer be used to access the MDN website. However, the company realizes that some parties could have reused their MDN passwords in other locations. Mozilla said it reached out to the people affected to recommend they change passwords, especially those that had emails and passwords exposed, in the chance that the encryption was cracked.

It took Mozilla a total of 10 days to conclude its investigation. The company said it would be looking into "the processes and principles" that it has in place, with the aim of reducing the chance that such a problem could arise in the future.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround sound home theater options, users hav ...

Kenu Airframe +

Simple, stylish and effective, the Kenu Aiframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ye ...

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fro ...

Sponsor

toggle

Most Commented

 
toggle

Popular News