The Mozilla Blog

News, notes and ramblings from the Mozilla project

Mozilla Store Vendor Security Breach

· Mozilla News

Today, Mozilla discovered that GatewayCDI, the third party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach. Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised.  GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.  Mozilla Store customers who are affected will be contacted directly by GatewayCDI.

Mozilla is committed to user privacy and the store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy.

The International Mozilla Store, although run by a separate partner company, has also temporarily been shut down as a precautionary measure. The Mozilla Community Store is operated on a wholly separate system and was not impacted by the breach.

27 responses to “Mozilla Store Vendor Security Breach”

  1. Pingback from Uh-oh: Mozilla Store goes down after security breach | iTech Report on at 9:49 pm:

    [...] said in a post today that it is only the International store that has been affected, and says the Community Store [...]

  2. Pingback from Mozilla Store Vendor Security Breach :: The Mozilla Blog on at 11:14 pm:

    [...] See more here: Mozilla Store Vendor Security Breach :: The Mozilla Blog [...]

  3. Pingback from Mozilla suspende operações da loja online por brecha de segurança « blog da informação on at 9:06 am:

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

  4. Pingback from Mozilla Store Vendor Security Breach :: The Mozilla Blog | Webmaster Tools on at 10:40 am:

    [...] Excerpt from: Mozilla Store Vendor Security Breach :: The Mozilla Blog [...]

  5. Pingback from Mozilla Store Breached | WCZone Web Design! | Akron Ohio Website Design - Akron Web Development, Cleveland Web Design, Business Website,Web Programming, Akron, Summit County - Services Cuyahoga Falls Website Design Web Development, Business Website,Web Pr on at 10:44 am:

    [...] announced that the 3rd party vendor hired to run the Mozilla Store had suffered a security breach. They closed the store immediately and that is how it remains as of noon, Wednesday. GatewayCDI is the vendor named by Mozilla. [...]

  6. Pingback from OmReem » Mozilla shuts Firefox e-store after security breach on at 12:11 pm:

    [...] to run the backend of the Mozilla Store, suffered a security breach,” Mozilla said in a warning on its Web site. “Once notified, we took the immediate preventative step of shutting down the [...]

  7. Pingback from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCSE on at 12:15 pm:

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

  8. GatewayCDI wrote on at 12:41 pm:

    **Update 5:57 p.m**

    Our previous message about the security breach at the Mozilla Store was unclear about what we are doing to protect your private information.

    You do not need to take any action to change your username or password on the now deactivated Mozilla Store. We will be deleting all of your Mozilla Store information, including your existing username and password, from our database as a precaution.

    You should assume the username and password you used on the Mozilla Store has been compromised and take steps to change that password on any other web services you currently use.

    At this time we do not believe any credit card information has been compromised. However, we are conducting a complete security review, and having an independent security firm audit our findings. We anticipate this review will be complete by August 7th, 2009. We will notify you via email once our review is complete.

    Again, GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

    Sincerely,

    Conrad Franey
    Chief Marketing Officer
    GatewayCDI

    **Original Comment **

    Dear Valued Mozilla Customer:

    It has been brought to our attention that the Mozilla Store has had a security breach. We take all security breaches very seriously, and are working hard to determine the extent of the violation. In the meantime, the site has been taken down as a protective measure.

    At this time we do not believe any credit card information has been compromised. However, some Mozilla Store customers’ user names and passwords have been exposed. It is our strong recommendation that all Mozilla Store customers proactively change their user name and passwords for their Mozilla Store account and all other accounts that use the same information. We will not bring the site back up until we are confident that we have addressed all security issues. A notification will be sent to you when the site goes back up.

    GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

    Sincerely,

    Conrad Franey
    Chief Marketing Officer
    GatewayCDI

  9. Pingback from Falha de segurança obriga Fundação Mozilla a fechar loja : Geek Gear on at 1:02 pm:

    [...] Via The Mozilla Blog [...]

  10. Pingback from Internet Evolution - Security Clan Editor's Blog - 'Off' Switch a New Tool in Security Arsenal on at 1:14 pm:

    [...] run the backend of the Mozilla Store, suffered a security breach," the software vendor said on its company blog yesterday. "Once notified, we took the immediate preventative step of shutting down the Mozilla [...]

  11. Pingback from Tripletech TI Solutions » Falha de segurança fecha loja da Mozilla on at 3:26 pm:

    [...] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando o sistema para definir a identidade dos clientes [...]

  12. Pingback from Webwinkel Mozilla gehackt - BLOG PC Web plus - on at 12:40 am:

    [...] partij die de backend voor de Mozilla Store regelt, gehackt was. Mozilla zou GatewayCDI hebben aangemoedigd om alle betrokken individuen wier gegevens gestolen zijn zo spoedig als mogelijk te [...]

  13. Pingback from Mozilla shuts online store after security breach on at 2:07 am:

    [...] said it found out about the breach on Monday (August 4, 2009) and took the immediate preventative step of shutting down the Mozilla [...]

  14. Pingback from Falha de segurança fecha loja da Mozilla - Linha digital ~] on at 4:48 am:

    [...] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando para encontrar os clientes prejudicados, ainda é [...]

  15. Pingback from Mozilla Shut Down E-Store after Firefox Security Leak « Boonx's Blog on at 9:06 am:

    [...] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," Mozilla wrote on its blog. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to [...]

  16. Pingback from Mozilla E-Store Hacked | IT Security Blog on at 10:31 am:

    [...] firm that Mozilla had hired to deal with their backend operations has suffered a security breach. Mozilla immediately issued a statement about the issue: Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of [...]

  17. Pingback from Techknology’s Blog » Mozilla Shut Down E-Store after Firefox Security Leak on at 2:05 pm:

    [...] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach,” Mozilla wrote on its blog. “Once notified, we took the immediate preventative step of shutting down the Mozilla Store [...]

  18. Pingback from Special Blog to All » Mozilla Store Vendor Security Breach :: The Mozilla Blog on at 2:57 pm:

    [...] the rest here:  Mozilla Store Vendor Security Breach :: The Mozilla Blog This entry is filed under Blog. You can follow any responses to this entry through the RSS 2.0 [...]

  19. Pingback from Mozilla Store suspende operaciones por problema de seguridad on at 7:04 pm:

    [...] : – Mozilla Store Vendor secutiry breach (blog de Mozilla) – Mozilla Store security breached (InformationWeek) Post a [...]

  20. Pingback from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on at 6:33 pm:

    [...] Via The Mozilla Blog [...]

  21. Pingback from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on at 6:35 pm:

    [...] The Mozilla Blog AKPC_IDS += "135,";Popularity: unranked [...]

  22. Pingback from Falha de segurança obriga Fundação Mozilla a fechar loja « Bagulho Doido on at 6:52 pm:

    [...] The Mozilla Blog AKPC_IDS += "4,";Popularity: unranked [...]

  23. Pingback from Mozilla Store closed after security breach | Cafe Blog on at 12:35 am:

    [...] a blog post Mozilla confirmed that it had decided to suspend the store after it was discovered that GatewayCDI, [...]

  24. Pingback from International Mozilla Store Back Online | Easy Firefox on at 6:10 pm:

    [...] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International [...]

  25. Pingback from International Mozilla Store Back Online « My Blog on at 10:35 pm:

    [...] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International [...]

  26. Pingback from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCITP on at 6:51 am:

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

  27. Pingback from Mozilla closes shop due to vendor security breach | Endpoint Security Info on at 9:40 pm:

    [...] GatewayCDI, an SMB with offices in three US cities, which runs the Mozilla Store, the foundation said in a blog post quoted by the Register. There is still no information to confirm whether any customers of the [...]