madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Mozilla shuts online store after security breach

By | August 5, 2009, 11:53am PDT

Summary: The Mozilla Foundation has shuttered its e-commerce store after confirming a security breach at GatewayCDI, the third-party vendor that handles the store’s backend operations. The open-source groups said it has asked Gateway CDI to quickly notify individuals who had their sensitive data compromised.  Mozilla did not elaborate on the extent of compromised customer data. Mozilla said it [...]

The Mozilla Foundation has shuttered its e-commerce store after confirming a security breach at GatewayCDI, the third-party vendor that handles the store’s backend operations.

The open-source groups said it has asked Gateway CDI to quickly notify individuals who had their sensitive data compromised.  Mozilla did not elaborate on the extent of compromised customer data.

Mozilla said it found out about the breach on Monday (August 4, 2009) and took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised.  GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.  Mozilla Store customers who are affected will be contacted directly by GatewayCDI.

Mozilla is committed to user privacy and the store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy.

The Mozilla Store is currently displaying a “closed for maintenance” notice.

Mozilla said its international store, which is managed by a separate partner company, has also temporarily been shut down as a precautionary measure.

The Mozilla Community Store, which is separate, was not impacted.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Online Store, Mozilla Corp., Mozilla Store, GatewayCDI, Security, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 35 Talkback(s)

  • Mozilla shuts online store after security breach
    They must have been running linux.
    ZDNet Gravatar
    Loverock Davidson
    5th Aug 2009
  • A small clue...
    http://www.gatewaycdi.com/site/careers.asp#joblink_2

    Looks like the only database experience you need to work for them is MS SQL. Unless they have a special Linux version of SQL that nobody else is allowed to buy, you're wrong again..

    Why am I not surprised?
    ZDNet Gravatar
    daftkey
    5th Aug 2009
  • Well.....
    There is more to it than just a database. You can have other app processes running on anything. Not saying it wasn't SQL that got compromised but there is also other things that could be the source of the compromise.
    ZDNet Gravatar
    OhTheHumanity
    5th Aug 2009
  • That's why it's only a "clue"..
    and with any clue, a little deduction is required..

    Granted, I agree an RDBMS isn't the end-all and be-all of a webstore, but it's a pretty major-league part. I would have my doubts that a company that wouldn't trust their front-end to Windows would trust their back-end to it.

    I would expect a Linux-based web store to require a Database Administrator to have some working knowledge of MySQL, PostgreSQL, Oracle, Apache, or Linux itself.

    Oh yeah, and the .asp on the end of that last link is also a small clue that Windows is running the website as well.
    ZDNet Gravatar
    daftkey
    5th Aug 2009
  • Ok, so...
    Why is Mozilla even doing business with a third party that is using closed
    source software? Sort of funny and ironic!
    ZDNet Gravatar
    rkuhn040172@...
    5th Aug 2009
  • Only ironic if Mozilla are rabid open source zealots..
    ..which they very well could be, but they might turn a blind eye if the price is right and the store agrees not to impede on their core business..

    Mozilla may be a little more practical-minded than that, though.. You have to remember that they were originally born out of a wholly commercial, closed-source development, and only went open source when Microsoft stole their lunch and kicked them off the "cool kids" table.
    ZDNet Gravatar
    daftkey
    6th Aug 2009
  • Obviously you've missed the thousands of posts by...
    ...Dietrich Schmidt. Though it is understandable as the mods keep deleting them.
    ZDNet Gravatar
    ye
    6th Aug 2009
  • HA HA OWNED!!!
    As usual you draw the conclusion without looking at the big picture.

    Got served a steaming pile that time.

    Hope your boyfriend mgp comes to bail you out.
    ZDNet Gravatar
    itanalyst2@...
    5th Aug 2009
  • A single job posting is pretty weak.
    Hardly indicative of what the Mozilla site is being hosted on.
    ZDNet Gravatar
    ye
    6th Aug 2009
  • Are you serious?
    Using a job posting to determine what a site is hosted on? How lame. How about Netcraft:

    Linux Apache/1.3.39 Unix PHP/5.2.5 mod_ssl/2.8.30 OpenSSL/0.9.8g

    http://toolbar.netcraft.com/site_report?url=http://store.mozilla.org

    ZDNet Gravatar
    ye
    6th Aug 2009
  • Touche!
    ..can't argue with that one.. Don't like what it means, though.. happy
    ZDNet Gravatar
    daftkey
    6th Aug 2009
  • It means Linux and its related technology is no better...
    ...than Windows. That it suffers the same types of problems as Windows.
    ZDNet Gravatar
    ye
    6th Aug 2009
  • We all knew that.. except for a few zealots..
    ..and I can live with that "revelation".. it only means that we have to be diligent no matter who we are and what we're running.. no big surprise there.

    No.. the part that I don't like is that Humpstone's guess, regardless of being a baseless shot-in-the-dark troll grumble, is nonetheless correct.
    ZDNet Gravatar
    daftkey
    6th Aug 2009
  • Hardly baseless.
    It seems reasonable to assume the OSS community would use OSS technology for the distribution of their software. What was baseless is the assumption that a job posting for MS-SQL implies use of Microsoft technology for the site.
    ZDNet Gravatar
    ye
    6th Aug 2009
  • @ye - are you sure about that..
    "It seems reasonable to assume the OSS community would use OSS technology for the distribution of their software. "

    I would agree with that, had Mozilla been hosting their own webstore, but they weren't. They weren't really "using" anything. They were hiring someone else to "use" the software to run the web store. Most reasonable people couldn't give a rats ass what tool a third-party business is using so long as they can guarantee a certain level of service and protection. I don't see why an OSS developer should be any different, unless they were more interested in politics than business.

    "What was baseless is the assumption that a job posting for MS-SQL implies use of Microsoft technology for the site."

    It was a job posting for a DBA and it listed *ONLY* MS SQL server as a requirement. It doesn't take much to put two-and-two together here. In this case I was wrong and I admit it, but it doesn't mean that it was baseless - it certainly gives more of a view of what is important to this particular company than an assumption of the motives of one of its customers would.
    ZDNet Gravatar
    daftkey
    6th Aug 2009
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
Click Here