The database glitch caused due to a data "sanitization" process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit’s web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post.
"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote.
"While we have not been able to detect malicious activity on that server, we cannot be sure there wasn't any such access."
There is no such indications that the exposed data was accessed by any hacker or cyber mind, but Mozilla officials investigating the disclosure can't ignore the possibility.
Mozilla said that the login information couldn't be used by an attacker to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked password.
Mozilla apologised for the inconvenience caused to its users and said it is working on both short-and long-term fixes. The company said that affected users have been notified of the breach and those users whose password hashes were disclosed are warned to change their similar passwords used on other services.
“In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out to security@mozilla.org,” the duo said.
Reference- http://thehackernews.com/
No comments:
Post a Comment