Feeds

Mozilla gaffe exposed 76,000 email addresses, 4000 passwords

You know the drill: Utter expletive, grind teeth, change passwords, get on with life

Protecting against web application threats using SSL

Mozilla has 'fessed up to accidentally exposing the email addresses for 76,000 members of its Developer Network, along with 4000 encrypted passwords.

The breach was caused by a bad script that on July 23 was found to have inadvertently published the records online over the previous month.

The offending data sanitisation process failed, resulting in the breach, Mozilla's developer and security heads Stormy Peters and Joe Stevensen wrote in a co-authored post.

"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," they said.

"While we have not been able to detect malicious activity on that server, we cannot be sure there wasn't any such access."

The exposed passwords were salted hashes but further technical details have not been revealed. The paid warned Mozilla Developer Network users to change affected passwords that were re-used on other websites.

The duo said Mozilla would review unspecified security measures including "processes and principles" that may prevent a repeat breach.

Mozilla has had few security breaches. A similar breach occurred back in 2010 when a security researcher found a partial database of 44,000 inactive Mozilla addons on a public server. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.