Thousands of Mozilla developers’ e-mail addresses, password hashes exposed

  • 2 August 2014
  • 3 replies
  • 1468 views

Userlevel 7
Badge +54

A database glitch caused the data to reside on a publicly accessible server.

by Dan Goodin - Aug 2 2014,
 
E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday.
About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server.
 
Full Article

3 replies

Userlevel 7
Badge +52
Email addresses of 76,000 members of Mozilla Developer Network (MDN) and 4,000 passwords have become publicly available because of a process failing to sanitize data properly.

Mozilla issued a warning about the incident, saying that they were informed by a web developer that around June 23 a data sanitization flaw caused the disclosure of the sensitive information about the developers.
 
Full Article
Userlevel 7
You would think Mozilla had all the security issues covered as good as they are!!!!
Userlevel 6
@Antus67 wrote:
You would think Mozilla had all the security issues covered as good as they are!!!!
Well, this one was an internal security issue. It doesnt appear to involve a leak of personal information, but a possible leak of their "trade secrets".
 
My father used to say when I was a kid "the shoemakers kids dont have shoes"

Reply