Mozilla 'accidentally' reveals developer emails and passwords

Around 76,000 users of Mozilla's developer network have had their email addresses posted to a publicly accessible server, with 4,000 of those users also having their salted and hashed passwords revealed.

For a month beginning on June 23, a failing data sanitiser job caused the disclosure of email addresses and salted, hashed passwords of members of the Mozilla Developer Network.

In a blog post published over the weekend, Mozilla director of developer relations, Stormy Peters, said that 76,000 users had their email addresses exposed via a database dump that was accessible to the wider internet. The dump also contained 4,000 salted and hashed user passwords.

"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," said Peters. "While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access."

Peters said that affected users have been notified of the breach, and that those whose password hashes were disclosed have been advised to change any similar passwords on other services.

In recent weeks, Mozilla added a file reputation service to its Firefox browser, which sends a SHA-256 hash to Google's Safe Browsing Service prior to downloading a file, in an effort to cut down on malware downloads.

Mozilla is currently experiencing a drawn-out decline in usage of its Firefox browser, with statistics from Net Applications released over the weekend showing that Chrome has displaced Firefox as the second most popular desktop browser, at 20.4 percent against 15.1 percent.
