Wednesday, 6 August 2014

Thousands of Mozilla Developers' Emails and Passwords Exposed Accidentally

Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers.

The email addresses of over 76,000 members of its Developer Network, along with 4000 “salted” passwords, were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday.

The database glitch was caused by a failure in a data "sanitization" process that lasted for a month beginning on June 23. The failure inadvertently published the records of MDN members, which were left on a publicly accessible server for around a month until one of the outfit’s web developers discovered them there around a couple of weeks back, according to a blog post.
"As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote.
"While we have not been able to detect malicious activity on that server, we cannot be sure there wasn't any such access."
There are no indications that the exposed data was accessed by any hacker or cyber criminal, but Mozilla officials investigating the disclosure can't ignore the possibility.

Mozilla said that the login information couldn't be used by an attacker to access Mozilla Developer Network accounts, but an attacker who cracked a password may be able to access other user accounts secured with the same password.

Mozilla apologised for the inconvenience caused to its users and said it is working on both short- and long-term fixes. The company said that affected users have been notified of the breach, and users whose password hashes were disclosed have been advised to change any similar passwords used on other services.

“In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out to security@mozilla.org,” the duo said.

Reference- http://thehackernews.com/
