Mozilla accidentally leaks 76,000 email ids and 4000 password hashes of its developers on a public web server

Mozilla is the foundation behind popular Firefox Web Browser. Its web browser is very popular among testers, pen testers and developers.  Yesterday Mozilla Foundation issued a warning that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process internally.
Stormy Peter, Director of Developer Relations at Mozilla Foundation said that Mozilla issued a public statement via its Mozilla Security Blog on Friday.

As per the Blog, Mozilla Developer Data Exposed “Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server.”

The data was leaked on to a public server but it doesnt necessarily mean that all the cyber users had access to it.  But it also means that if some person with a mala fide intent has downloaded the date before it was cleaned up, those 76000 developers are in for a lot of hell in future.  Though Peter said that Mozilla hasn’t seen any malicious activity the server, but also noted they can’t rule it out as of now.

As for the data downloads, it has been download only a small number of times according to a comment posted by Julien Vehent on Y Combinator's Hacker News.

"We traced back as much as we could. Access logs, netflow data, etc.," the user wrote. "We found that the tar.gz containing the DB dump had been downloaded only a small number of times. Mostly by known contributors. But we can't rule out that someone with malicious intentions got access to it."

According to Peter, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peter warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems. Peter further clarified in comments on the blog that the exposed passwords included salts that were unique to each user record.

Mozilla Foundation has sent notices to all the affected developers and suggested that those who had both email and password information exposed change any similar passwords they may be using elsewhere.
The owner of will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.Report any Broken Download linkon Blogmytuts Facebook Page. IF YOU WANT TO BORROW MY CONTENT PLEASE CONTACT US..
Share on Google Plus

About Jaime Lacson

A Freelance Computer Tech with knowledge about computer, router and mobile phones, especially in Upgrade and Downgrade OS, Software and Hardware troubleshooting. follow me at Google+
    Blogger Comment
    Facebook Comment