Mozilla's Developer Network Site Has Leaks

by Ostatic Staff - Aug. 04, 2014

Mozilla's website dedicated to developers suffered a database error that exposed the email addresses and encrypted passwords of registered users for about a month, the company announced.

About 76,000 Mozilla Developer Network (MDN) users had their email addresses exposed, along with around 4,000 encrypted passwords, said Stormy Peters, director of development relations, and Joe Stevensen, operations security manager. Many of those affected have already been notified.

The leak was caused by what Mozilla is referring to as a failed "data sanitization process." While the company said it has not been able to detect malicious activity on its servers, Peters added that Mozilla cannot be sure there wasn’t any such access.

The post announcing the leak notes the following:

"The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using."

"In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out to security@mozilla.org."

A web developer first noticed the leak about 10 days ago, and Mozilla officials say the company is "deeply sorry" about the incident.